Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: eXo PLF:: Commons - Comet Ext Service (test only)

org.exoplatform.commons:commons-comet-ext-service:6.0.x-SNAPSHOT

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar cpe:/a:processing:processing:6.0.20191006 org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   0 Low 24
exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   0 22
exo.jcr.component.ext-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   0 24
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
jackson-core-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8 com.fasterxml.jackson.core:jackson-core:2.9.8    0 Low 41
jackson-databind-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8, cpe:/a:fasterxml:jackson-databind:2.9.8 com.fasterxml.jackson.core:jackson-databind:2.9.8  High 10 Highest 41
snakeyaml-1.23.jar org.yaml:snakeyaml:1.23    0 25
jackson-dataformat-yaml-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8, cpe:/a:fasterxml:jackson-dataformat-xml:2.9.8 com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.9.8    0 Low 41
swagger-annotations-1.5.22.jar io.swagger:swagger-annotations:1.5.22    0 24
swagger-models-1.5.22.jar io.swagger:swagger-models:1.5.22    0 24
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
swagger-core-1.5.22.jar io.swagger:swagger-core:1.5.22    0 24
reflections-0.9.11.jar org.reflections:reflections:0.9.11    0 25
swagger-jaxrs-1.5.22.jar io.swagger:swagger-jaxrs:1.5.22    0 24
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
json-20070829.jar org.json:json:20070829    0 23
exo.portal.webui.core-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0.20191006 org.exoplatform.gatein.portal:exo.portal.webui.core:6.0.x-SNAPSHOT   0 Low 29
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
gson-2.7.jar com.google.code.gson:gson:2.7    0 34
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5, cpe:/a:twitter:twitter:3.0.5 org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
google-http-client-1.14.1-beta.jar cpe:/a:google_forms_project:google_forms:1.14.1.beta com.google.http-client:google-http-client:1.14.1-beta    0 Low 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
pc-api-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:6.0.x-SNAPSHOT   0 27
pc-portlet-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:6.0.x-SNAPSHOT   0 29
pc-federation-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:6.0.x-SNAPSHOT   0 29
pc-bridge-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:6.0.x-SNAPSHOT   0 27
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235 com.jhlabs:filters:2.0.235  Low 1 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
exo.portal.webui.portal-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0 org.exoplatform.gatein.portal:exo.portal.webui.portal:6.0.x-SNAPSHOT   0 Low 27
commons-webui-component-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT   0 25
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT   0 22
commons-api-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT   0 25
mime-util-2.1.3.jar cpe:/a:mime_project:mime:2.1.3 eu.medsea.mimeutil:mime-util:2.1.3    0 Low 30
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
exo.kernel.commons-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT   0 24
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:6.0.x-SNAPSHOT   0 24
exo.kernel.component.cache-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT   0 24
exo.core.component.security.core-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 28
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
exo.core.component.organization.api-6.0.x-SNAPSHOT.jar cpe:/a:api-platform:core:6.0 org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT   0 Low 22
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons_compress:1.5, cpe:/a:apache:commons-compress:1.5 org.apache.commons:commons-compress:1.5    0 Low 39
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45, cpe:/a:mime_project:mime:1.45 org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45, cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar cpe:/a:debug_project:debug:4.1 org.ow2.asm:asm-debug-all:4.1    0 Low 28
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
rome-1.0.jar rome:rome:1.0    0 32
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:6.0.x-SNAPSHOT   0 24
exo.core.component.database-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT   0 24
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar cpe:/a:string_project:string:3.2.1::~~~node.js~~ org.antlr:stringtemplate:3.2.1  Medium 1 Highest 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:6.0.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT Medium 3 Highest 24
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:6.0.x-SNAPSHOT   0 24
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106, cpe:/a:eclipse:jetty:9.2.14.v20151106 org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:6.0.x-SNAPSHOT   0 25
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 2 Low 34
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
wci-wci-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT   0 24
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 38
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
exo.ws.rest.core-6.0.x-SNAPSHOT.jar cpe:/a:ws_project:ws:6.0.20191006 org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   0 Low 24
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 2 Highest 53
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2 Medium 1 Highest 13
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml com.google.code.findbugs:jsr305:3.0.1   0 11
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13

Dependencies

jsr311-api-1.1.1.jar

License:

CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

jtidy-r938.jar

Description:  JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /home/ciagent/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

  • maven: net.sf.jtidy:jtidy:r938    Confidence:Highest
  • cpe: cpe:/a:html-tidy:tidy:-   Confidence:Low   

exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar

Description: Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.xml-processing/6.0.x-SNAPSHOT/exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar
MD5: b3b006595fbe303c9d739a79121f189e
SHA1: 1e6d90393499b0d884fe8c93a63074633f351f27
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:processing:processing:6.0.20191006   Confidence:Low   

exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar

Description: Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.script.groovy/6.0.x-SNAPSHOT/exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar
MD5: 5c6d0169bbc28be47a74ccee4b9ddb74
SHA1: 0385aa69f19847a08969929d085c48850a498ff9
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   Confidence:High

exo.jcr.component.ext-6.0.x-SNAPSHOT.jar

Description: Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.ext/6.0.x-SNAPSHOT/exo.jcr.component.ext-6.0.x-SNAPSHOT.jar
MD5: d7555e7a04b45fcef490c3658f111ec9
SHA1: 2d17b07d4fc4f5f655b07a2103fdb18796674ebb
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

  • maven: org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   Confidence:High

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

CVE-2017-5645  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Vulnerable Software & Versions:

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/ciagent/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

jaxb-api-2.1.jar

File Path: /home/ciagent/.m2/repository/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar
MD5: 9534ce6506dc96bac3944423d804be30
SHA1: d68570e722cffe2000358ce9c661a0b0bf1ebe11
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

jaxb-impl-2.1.8.jar

File Path: /home/ciagent/.m2/repository/com/sun/xml/bind/jaxb-impl/2.1.8/jaxb-impl-2.1.8.jar
MD5: 1340264c75ea00b3d4d83e1ba57b606a
SHA1: 41b915446cb6962f9b403d1a5da3817a95ee579e
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

picketlink-idm-core-1.4.6.Final.jar

Description: PicketLink IDM IMPL contains the implementation of the API and the Identity Model.

License:

lgpl: http://repository.jboss.com/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-core/1.4.6.Final/picketlink-idm-core-1.4.6.Final.jar
MD5: a5c21c2186c186bc296d9909bcb11616
SHA1: 30d4385012393e4c50a82f8b84153eb6ee301a7d
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

CVE-2015-0277  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

Vulnerable Software & Versions:

CVE-2015-3158  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

Vulnerable Software & Versions:

CVE-2015-6254  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-17 Code

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.

Vulnerable Software & Versions:

jackson-core-2.9.8.jar

Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.8/jackson-core-2.9.8.jar
MD5: 65831e4f46f29db904708e4b9cc72843
SHA1: 0f5a654e4675769c716e5b387830d19b501ca191
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

jackson-databind-2.9.8.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar
MD5: 39271d9bb1cb7ec563925953b1fa9ff7
SHA1: 11283f21cc480aa86c4df7a0a3243ec508372ed2
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

CVE-2019-12086  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.

Vulnerable Software & Versions:

CVE-2019-12384  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Vulnerable Software & Versions:

CVE-2019-12814  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

Vulnerable Software & Versions:

CVE-2019-14379  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vulnerable Software & Versions:

CVE-2019-14439  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Vulnerable Software & Versions:

CVE-2019-14540  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Vulnerable Software & Versions:

CVE-2019-16335  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Vulnerable Software & Versions:

CVE-2019-16942  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Vulnerable Software & Versions:

CVE-2019-16943  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Vulnerable Software & Versions:

CVE-2019-17267  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Vulnerable Software & Versions:

snakeyaml-1.23.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
MD5: 64ec8bd26b6d5034a87ecb1c8ce0efdc
SHA1: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

jackson-dataformat-yaml-2.9.8.jar

Description: Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.9.8/jackson-dataformat-yaml-2.9.8.jar
MD5: faebfe3cc70ef2a947214274dc8e1579
SHA1: a1c807329eb0c75976aeb5961a506b3516ffeae3
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

swagger-annotations-1.5.22.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-annotations/1.5.22/swagger-annotations-1.5.22.jar
MD5: 96beab010e2b2fb1d4950990377becc5
SHA1: df523e9a80cf653af6d37c777c4b1306e56b5ae7
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

swagger-models-1.5.22.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-models/1.5.22/swagger-models-1.5.22.jar
MD5: 9fdf1034b4bf5761a2c4240a63d31dca
SHA1: b5c0217a9056995faaadc89fe970de7e9154f3db
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile

Identifiers

swagger-core-1.5.22.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-core/1.5.22/swagger-core-1.5.22.jar
MD5: 9516f1c7020f33614275e68774b5053b
SHA1: b4d972553208dc594dcf5022553c0726cb02e231
Referenced In Project/Scope: eXo PLF:: Commons - Comet Ext Service (test only):compile