Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 3.1.2
Report Generated On: Jul 7, 2019 at 08:32:49 +00:00
Dependencies Scanned: 6 (6 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 15/06/2019 08:45:46
NVD CVE 2003: 15/06/2019 08:45:46
NVD CVE 2004: 15/06/2019 08:45:46
NVD CVE 2005: 16/06/2019 08:15:40
NVD CVE 2006: 15/06/2019 08:45:47
NVD CVE 2007: 15/06/2019 08:45:47
NVD CVE 2008: 16/06/2019 08:15:40
NVD CVE 2009: 15/06/2019 08:15:45
NVD CVE 2010: 16/06/2019 08:15:40
NVD CVE 2011: 15/06/2019 08:15:45
NVD CVE 2012: 21/06/2019 07:45:34
NVD CVE 2013: 16/06/2019 08:15:40
NVD CVE 2014: 25/06/2019 08:15:27
NVD CVE 2015: 06/07/2019 08:15:30
NVD CVE 2016: 02/07/2019 07:45:43
NVD CVE 2017: 06/07/2019 08:15:30
NVD CVE 2018: 06/07/2019 07:45:38
NVD CVE 2019: 06/07/2019 07:15:26
NVD CVE Checked: 07/07/2019 07:34:25
NVD CVE Modified: 07/07/2019 05:15:28
VersionCheckOn: 1561880108290

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	Coordinates	CPE Confidence	Evidence Count
javax.inject-1.jar		javax.inject:javax.inject:1 ✓		20
groovy-all-2.4.12.jar	cpe:/a:apache:groovy:2.4.12	org.codehaus.groovy:groovy-all:2.4.12 ✓	Low	36
juzu-core-1.2.x-SNAPSHOT.jar		org.juzu:juzu-core:1.2.x-SNAPSHOT		22
commons-juzu-5.3.x-SNAPSHOT.jar		org.exoplatform.commons:commons-juzu:5.3.x-SNAPSHOT		27
juzu-plugins-portlet-1.2.x-SNAPSHOT.jar		org.juzu:juzu-plugins-portlet:1.2.x-SNAPSHOT		25
portlet-api-2.0.jar		javax.portlet:portlet-api:2.0 ✓		22

Dependencies

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://code.google.com/p/atinject/	Highest
Vendor	file	name	javax.inject-1	High
Vendor	pom	description	The javax.inject API	Medium
Vendor	pom	groupid	javax.inject	Highest
Vendor	central	groupid	javax.inject	Highest
Vendor	pom	name	javax.inject	High
Vendor	jar	package name	inject	Low
Vendor	pom	artifactid	javax.inject	Low
Vendor	jar	package name	javax	Low
Product	pom	artifactid	javax.inject	Highest
Product	pom	url	http://code.google.com/p/atinject/	Medium
Product	central	artifactid	javax.inject	Highest
Product	file	name	javax.inject-1	High
Product	pom	groupid	javax.inject	Low
Product	pom	description	The javax.inject API	Medium
Product	pom	name	javax.inject	High
Product	jar	package name	inject	Low
Version	file	version	1	Medium
Version	pom	version	1	Highest
Version	central	version	1	Highest

Identifiers

maven: javax.inject:javax.inject:1 ✓ Confidence:Highest

groovy-all-2.4.12.jar

Description: Groovy: A powerful, dynamic language for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	extension-name	groovy	Medium
Vendor	pom	groupid	org.codehaus.groovy	Highest
Vendor	pom	artifactid	groovy-all	Low
Vendor	Manifest	bundle-symbolicname	groovy-all	Medium
Vendor	pom	description	Groovy: A powerful, dynamic language for the JVM	Medium
Vendor	pom	name	Apache Groovy	High
Vendor	manifest	Bundle-Description	Groovy Runtime	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	file	name	groovy-all	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	pom	organization url	http://groovy-lang.org	Medium
Vendor	central	groupid	org.codehaus.groovy	Highest
Vendor	Manifest	originally-created-by	1.8.0_131-b11 (Oracle Corporation)	Low
Vendor	pom	groupid	codehaus.groovy	Highest
Vendor	pom	url	http://groovy-lang.org	Highest
Product	central	artifactid	groovy-all	Highest
Product	Manifest	extension-name	groovy	Medium
Product	pom	groupid	codehaus.groovy	Low
Product	pom	artifactid	groovy-all	Highest
Product	Manifest	bundle-symbolicname	groovy-all	Medium
Product	Manifest	Implementation-Title	Groovy: a powerful, dynamic language for the JVM	High
Product	Manifest	specification-title	Groovy: a powerful, dynamic language for the JVM	Medium
Product	pom	description	Groovy: A powerful, dynamic language for the JVM	Medium
Product	pom	name	Apache Groovy	High
Product	manifest	Bundle-Description	Groovy Runtime	Medium
Product	pom	organization url	http://groovy-lang.org	Low
Product	file	name	groovy-all	High
Product	Manifest	Bundle-Name	Groovy Runtime	Medium
Product	pom	organization name	Apache Software Foundation	Low
Product	pom	url	http://groovy-lang.org	Medium
Product	Manifest	originally-created-by	1.8.0_131-b11 (Oracle Corporation)	Low
Version	file	version	2.4.12	Highest
Version	pom	version	2.4.12	Highest
Version	Manifest	Implementation-Version	2.4.12	High
Version	central	version	2.4.12	Highest

Identifiers

maven: org.codehaus.groovy:groovy-all:2.4.12 ✓ Confidence:Highest
cpe: cpe:/a:apache:groovy:2.4.12 Confidence:Low

juzu-core-1.2.x-SNAPSHOT.jar

Description: Where all the magic happens

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-core/1.2.x-SNAPSHOT/juzu-core-1.2.x-SNAPSHOT.jar
MD5: be3776ce49a15376a2741674120041b0
SHA1: 134841b6bf3f69ab2014f59a6ba1e3100daf27d2
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.juzu	Highest
Vendor	jar	package name	impl	Low
Vendor	pom	groupid	juzu	Highest
Vendor	pom	description	Where all the magic happens	Medium
Vendor	pom	parent-groupid	org.juzu	Medium
Vendor	jar	package name	juzu	Low
Vendor	pom	name	Juzu Core	High
Vendor	pom	artifactid	juzu-core	Low
Vendor	file	name	juzu-core	High
Vendor	pom	parent-artifactid	juzu-parent	Low
Product	pom	groupid	juzu	Low
Product	pom	parent-artifactid	juzu-parent	Medium
Product	jar	package name	impl	Low
Product	pom	artifactid	juzu-core	Highest
Product	pom	description	Where all the magic happens	Medium
Product	pom	name	Juzu Core	High
Product	file	name	juzu-core	High
Product	pom	parent-groupid	org.juzu	Low
Version	pom	version	1.2.x-SNAPSHOT	Highest
Version	pom	version	1.2.x-20190630.072738-7	Highest
Version	file	version	1.2	Highest
Version	file	name	juzu-core	Medium

Identifiers

maven: org.juzu:juzu-core:1.2.x-SNAPSHOT Confidence:High

commons-juzu-5.3.x-SNAPSHOT.jar

Description: This module contains : - assemblies for Juzu application packaging inside eXoPlatform - eXo Kernel Provider Factory

File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-juzu/target/commons-juzu-5.3.x-SNAPSHOT.jar
MD5: 73c8bd8988e2f93a9c41ae0543ffe9ff
SHA1: c0371ae1e6c0a15fc83dabc5d1b5824c12c2744b
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-juzu	High
Vendor	pom	name	eXo PLF:: Commons - Juzu Bridge for Platform	High
Vendor	Manifest	Implementation-Vendor-Id	org.exoplatform.commons	Medium
Vendor	Manifest	specification-vendor	eXo Platform SAS	Low
Vendor	Manifest	Implementation-Vendor	eXo Platform SAS	High
Vendor	pom	parent-groupid	org.exoplatform.commons	Medium
Vendor	pom	artifactid	commons-juzu	Low
Vendor	Manifest	date	2019-07-07T07:15:19Z	Low
Vendor	pom	description	This module contains : - assemblies for Juzu application packaging inside eXoPlatform - eXo Kernel Provider Factory	Low
Vendor	pom	groupid	exoplatform.commons	Highest
Vendor	pom	groupid	org.exoplatform.commons	Highest
Vendor	pom	parent-artifactid	commons	Low
Vendor	Manifest	implementation-url	https://projects.exoplatform.org/commons/commons-juzu	Low
Product	pom	artifactid	commons-juzu	Highest
Product	file	name	commons-juzu	High
Product	Manifest	date	2019-07-07T07:15:19Z	Low
Product	pom	groupid	exoplatform.commons	Low
Product	pom	parent-artifactid	commons	Medium
Product	Manifest	Implementation-Title	eXo PLF:: Commons - Juzu Bridge for Platform	High
Product	pom	description	This module contains : - assemblies for Juzu application packaging inside eXoPlatform - eXo Kernel Provider Factory	Low
Product	pom	name	eXo PLF:: Commons - Juzu Bridge for Platform	High
Product	Manifest	implementation-url	https://projects.exoplatform.org/commons/commons-juzu	Low
Product	Manifest	specification-title	eXo PLF:: Commons - Juzu Bridge for Platform	Medium
Product	pom	parent-groupid	org.exoplatform.commons	Low
Version	pom	version	5.3.x-SNAPSHOT	Highest
Version	Manifest	Implementation-Version	5.3.x-SNAPSHOT	High
Version	file	version	5.3	Highest

Identifiers

maven: org.exoplatform.commons:commons-juzu:5.3.x-SNAPSHOT Confidence:High

juzu-plugins-portlet-1.2.x-SNAPSHOT.jar

Description: The Portlet plugin

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-portlet/1.2.x-SNAPSHOT/juzu-plugins-portlet-1.2.x-SNAPSHOT.jar
MD5: 0afcbf4def06875454b4c1c6b032e7d8
SHA1: 1e484f55143fc5c4d79b3ed8d314e5478c3a75ed
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	juzu-plugins-portlet	Low
Vendor	pom	name	Juzu Portlet Plugin	High
Vendor	pom	groupid	org.juzu	Highest
Vendor	file	name	juzu-plugins-portlet	High
Vendor	pom	groupid	juzu	Highest
Vendor	jar	package name	portlet	Low
Vendor	jar	package name	plugin	Low
Vendor	pom	parent-groupid	org.juzu	Medium
Vendor	jar	package name	juzu	Low
Vendor	pom	description	The Portlet plugin	Medium
Vendor	pom	parent-artifactid	juzu-plugins-parent	Low
Product	pom	groupid	juzu	Low
Product	pom	name	Juzu Portlet Plugin	High
Product	file	name	juzu-plugins-portlet	High
Product	pom	artifactid	juzu-plugins-portlet	Highest
Product	jar	package name	impl	Low
Product	jar	package name	portlet	Low
Product	jar	package name	plugin	Low
Product	pom	description	The Portlet plugin	Medium
Product	pom	parent-artifactid	juzu-plugins-parent	Medium
Product	pom	parent-groupid	org.juzu	Low
Version	pom	version	1.2.x-SNAPSHOT	Highest
Version	pom	version	1.2.x-20190630.072744-7	Highest
Version	file	version	1.2	Highest
Version	file	name	juzu-plugins-portlet	Medium

Identifiers

maven: org.juzu:juzu-plugins-portlet:1.2.x-SNAPSHOT Confidence:High

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope: eXo PLF:: Commons - Juzu Ajax Sample Application:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	javax.portlet	Highest
Vendor	pom	name	Java Portlet Specification V2.0	High
Vendor	Manifest	bundle-docurl	http://www.jcp.org/en/jsr/detail?id=286	Low
Vendor	pom	url	http://www.jcp.org/en/jsr/detail?id=286	Highest
Vendor	Manifest	bundle-symbolicname	javax.portlet	Medium
Vendor	pom	description	The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.	Medium
Vendor	central	groupid	javax.portlet	Highest
Vendor	file	name	portlet-api	High
Vendor	pom	artifactid	portlet-api	Low
Product	pom	groupid	javax.portlet	Low
Product	pom	name	Java Portlet Specification V2.0	High
Product	Manifest	bundle-docurl	http://www.jcp.org/en/jsr/detail?id=286	Low
Product	Manifest	bundle-symbolicname	javax.portlet	Medium
Product	pom	description	The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.	Medium
Product	pom	artifactid	portlet-api	Highest
Product	file	name	portlet-api	High
Product	Manifest	Bundle-Name	JSR 286	Medium
Product	pom	url	http://www.jcp.org/en/jsr/detail?id=286	Medium
Product	central	artifactid	portlet-api	Highest
Version	central	version	2.0	Highest
Version	file	version	2.0	Highest
Version	pom	version	2.0	Highest

Identifiers

maven: javax.portlet:portlet-api:2.0 ✓ Confidence:Highest

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Commons - Juzu Ajax Sample Application

org.exoplatform.commons:commons-juzu-ajax-sample:5.3.x-SNAPSHOT

Dependencies

javax.inject-1.jar

Evidence

Identifiers

groovy-all-2.4.12.jar

Evidence

Identifiers

juzu-core-1.2.x-SNAPSHOT.jar

Evidence

Identifiers

commons-juzu-5.3.x-SNAPSHOT.jar

Evidence

Identifiers

juzu-plugins-portlet-1.2.x-SNAPSHOT.jar

Evidence

Identifiers

portlet-api-2.0.jar

Evidence

Identifiers