Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Platform

org.exoplatform.platform:platform:5.3.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
commons-httpclient-3.1.jar cpe:/a:apache:httpclient:3.1
cpe:/a:apache:commons-httpclient:3.1 		commons-httpclient:commons-httpclient:3.1    0 Low 24
ical4j-1.0-beta5.jar ical4j:ical4j:1.0-beta5   0 21
jackrabbit-webdav-1.6.5.jar cpe:/a:apache:jackrabbit:1.6.5 org.apache.jackrabbit:jackrabbit-webdav:1.6.5  Medium 1 Low 26
rome-1.0.jar rome:rome:1.0    0 32
calendar-service-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-service:5.3.x-SNAPSHOT   0 28
commons-webui-ext-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-ext:5.3.x-SNAPSHOT   0 24
calendar-component-create-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-component-create:5.3.x-SNAPSHOT   0 24
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.core-1.3.0.jar org.chromattic:chromattic.core:1.3.0    0 23
commons-api-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT   0 26
exo.ws.commons-5.3.x-SNAPSHOT.jar cpe:/a:ws_project:ws:5.3.20190523 org.exoplatform.ws:exo.ws.commons:5.3.x-SNAPSHOT   0 Low 24
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106
cpe:/a:eclipse:jetty:9.2.14.v20151106 		org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:5.3.x-SNAPSHOT   0 26
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons-compress:1.5 org.apache.commons:commons-compress:1.5    0 Low 39
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar org.ow2.asm:asm-debug-all:4.1    0 28
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:5.3.x-SNAPSHOT   0 22
exo.core.component.database-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:5.3.x-SNAPSHOT   0 22
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar org.antlr:stringtemplate:3.2.1    0 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:5.3.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:5.3.x-SNAPSHOT Medium 3 Highest 22
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:5.3.x-SNAPSHOT   0 22
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar cpe:/a:processing:processing:5.3 org.exoplatform.core:exo.core.component.xml-processing:5.3.x-SNAPSHOT   0 Low 22
exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:5.3.x-SNAPSHOT   0 22
exo.jcr.component.ext-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:5.3.x-SNAPSHOT   0 22
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:5.3.x-SNAPSHOT   0 24
exo.ws.rest.core-5.3.x-SNAPSHOT.jar cpe:/a:ws_project:ws:5.3 org.exoplatform.ws:exo.ws.rest.core:5.3.x-SNAPSHOT   0 Low 24
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
c3p0-0.9.1.1.jar cpe:/a:mchange:c3p0:0.9.1.1 c3p0:c3p0:0.9.1.1  Medium 1 Highest 23
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3    0 25
junit-4.12.jar junit:junit:4.12    0 25
jmock-1.0.1.jar jmock:jmock:1.0.1    0 14
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 1 Highest 53
owasp-java-html-sanitizer-20160413.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20160413.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160413.1    0 Low 21
jrcs.diff-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.diff:0.4.2    0 17
ecs-1.4.2.jar ecs:ecs:1.4.2    0 14
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 31
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
jackson-core-2.4.2.jar cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.core:jackson-core:2.4.2    0 Low 37
jackson-annotations-2.4.0.jar cpe:/a:fasterxml:jackson:2.4.0 com.fasterxml.jackson.core:jackson-annotations:2.4.0    0 Low 37
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4    0 29
jackson-dataformat-xml-2.4.2.jar cpe:/a:fasterxml:jackson-databind:2.4.2
cpe:/a:fasterxml:jackson:2.4.2 		com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.4.2  High 13 Highest 37
swagger-annotations-1.5.0.jar io.swagger:swagger-annotations:1.5.0    0 24
swagger-models-1.5.0.jar io.swagger:swagger-models:1.5.0    0 24
swagger-core-1.5.0.jar io.swagger:swagger-core:1.5.0    0 17
annotations-2.0.1.jar com.google.code.findbugs:annotations:2.0.1    0 23
reflections-0.9.9.jar org.reflections:reflections:0.9.9    0 19
swagger-jaxrs-1.5.0.jar io.swagger:swagger-jaxrs:1.5.0    0 17
commons-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-common:5.3.x-SNAPSHOT   0 26
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
gson-2.7.jar com.google.code.gson:gson:2.7    0 35
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
commons-webui-component-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:5.3.x-SNAPSHOT   0 24
exo.kernel.component.cache-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:5.3.x-SNAPSHOT   0 22
exo.core.component.security.core-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
exo.core.component.organization.api-5.3.x-SNAPSHOT.jar cpe:/a:api-platform:core:5.3 org.exoplatform.core:exo.core.component.organization.api:5.3.x-SNAPSHOT   0 Low 22
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
exo-jcr-services-5.3.x-SNAPSHOT.jar org.exoplatform:exo-jcr-services:5.3.x-SNAPSHOT   0 24
ecms-core-publication-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-publication:5.3.x-SNAPSHOT   0 26
commons-search-5.3.x-SNAPSHOT.jar cpe:/a:pro_search:pro_search:5.3 org.exoplatform.commons:commons-search:5.3.x-SNAPSHOT   0 Low 24
ecms-core-search-5.3.x-SNAPSHOT.jar cpe:/a:pro_search:pro_search:5.3 org.exoplatform.ecms:ecms-core-search:5.3.x-SNAPSHOT   0 Low 24
jdom-1.0.jar jdom:jdom:1.0    0 33
itunes-com-podcast-0.2.jar cpe:/a:apple:itunes:0.2 com.totsp.feedpod:itunes-com-podcast:0.2  High 584 Low 29
jurt-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1 		org.openoffice:jurt:3.2.1  High 8 Highest 18
juh-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1 		org.openoffice:juh:3.2.1  High 8 Highest 20
ridl-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1 		org.openoffice:ridl:3.2.1  High 8 Highest 18
unoil-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1 		org.openoffice:unoil:3.2.1  High 8 Highest 18
jodconverter-core-3.0-eXo03.jar org.artofsolving.jodconverter:jodconverter-core:3.0-eXo03   0 21
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
jai-core-1.1.3.jar javax.media:jai-core:1.1.3   0 21
jai-codec-1.1.3.jar com.sun.media:jai-codec:1.1.3   0 22
icepdf-core-5.1.1.jar org.icepdf.os:icepdf-core:5.1.1   0 17
imgscalr-lib-4.2.jar org.imgscalr:imgscalr-lib:4.2    0 23
jdom-1.1.3.jar org.jdom:jdom:1.1.3    0 44
ecms-core-services-5.3.x-SNAPSHOT.jar cpe:/a:no-cms_project:no-cms:5.3 org.exoplatform.ecms:ecms-core-services:5.3.x-SNAPSHOT   0 Low 28
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 23
ecms-core-connector-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-connector:5.3.x-SNAPSHOT   0 26
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5 		org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
google-http-client-1.14.1-beta.jar com.google.http-client:google-http-client:1.14.1-beta    0 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-oauth-client-1.14.1-beta.jar com.google.oauth-client:google-oauth-client:1.14.1-beta    0 24
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
ecms-core-webui-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-webui:5.3.x-SNAPSHOT   0 26
ecms-core-webui-seo-5.3.x-SNAPSHOT.jar cpe:/a:content_project:content:5.3.20190524 org.exoplatform.ecms:ecms-core-webui-seo:5.3.x-SNAPSHOT   0 Low 28
forum-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-common:5.3.x-SNAPSHOT   0 24
forum-component-rendering-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-rendering:5.3.x-SNAPSHOT   0 26
forum-application-common-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-application-common:5.3.x-SNAPSHOT   0 24
forum-forum-service-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-forum-service:5.3.x-SNAPSHOT   0 26
forum-application-create-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-application-create:5.3.x-SNAPSHOT   0 26
mime-util-2.1.3.jar eu.medsea.mimeutil:mime-util:2.1.3    0 30
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
slf4j-api-1.7.18.jar org.slf4j:slf4j-api:1.7.18    0 31
exo.kernel.commons-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT   0 22
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 1 Low 34
wci-wci-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT   0 24
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
commons-component-product-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT   0 26
social-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-common:5.3.x-SNAPSHOT   0 26
pc-api-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:5.3.x-SNAPSHOT   0 27
social-component-notification-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-notification:5.3.x-SNAPSHOT   0 28
calendar-webservice-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-webservice:5.3.x-SNAPSHOT   0 26
platform-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-common:5.3.x-SNAPSHOT   0 26
platform-component-uxpnavigation-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-uxpnavigation:5.3.x-SNAPSHOT   0 24
ecms-core-webui-administration-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-webui-administration:5.3.x-SNAPSHOT   0 26
ecms-core-publication-plugins-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-publication-plugins:5.3.x-SNAPSHOT   0 26
ecms-core-viewer-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-viewer:5.3.x-SNAPSHOT   0 28
ecms-ext-authoring-services-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-ext-authoring-services:5.3.x-SNAPSHOT   0 26
ecms-core-webui-explorer-5.3.x-SNAPSHOT.jar cpe:/a:content_project:content:5.3 org.exoplatform.ecms:ecms-core-webui-explorer:5.3.x-SNAPSHOT   0 Low 28
platform-component-webui-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-webui:5.3.x-SNAPSHOT   0 24
exo.portal.webui.core-5.3.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:5.3 org.exoplatform.gatein.portal:exo.portal.webui.core:5.3.x-SNAPSHOT   0 Low 27
commons-component-upgrade-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-upgrade:5.3.x-SNAPSHOT   0 26
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
caja-r5054.jar com.google.caja:caja:r5054   0 23
htmlparser-r4209.jar caja:htmlparser:r4209   0 24
oauth-20100527.jar net.oauth.core:oauth:20100527    0 18
nekohtml-1.9.22.jar net.sourceforge.nekohtml:nekohtml:1.9.22    0 20
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
sanselan-0.97-incubator.jar org.apache.sanselan:sanselan:0.97-incubator    0 35
social-component-core-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-core:5.3.x-SNAPSHOT   0 26
social-component-webui-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-webui:5.3.x-SNAPSHOT   0 28
gwt-servlet-2.6.1.jar cpe:/a:google:protobuf:2.5.0
cpe:/a:google:protobuf:2.6.1 		com.google.gwt:gwt-servlet:2.6.1  Medium 1 Highest 27
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 41
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
exo.jcr.component.webdav-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.webdav:5.3.x-SNAPSHOT   0 22
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:5.3.x-SNAPSHOT   0 24
htmlcleaner-2.7.jar cpe:/a:htmlcleaner_project:htmlcleaner:2.7 net.sourceforge.htmlcleaner:htmlcleaner:2.7    0 Low 20
stax-utils-20070216.jar net.java.dev.stax-utils:stax-utils:20070216    0 20
xwiki-commons-xml-5.4.7.jar cpe:/a:xwiki:xwiki:5.4.7 org.xwiki.commons:xwiki-commons-xml:5.4.7 Low 1 Low 26
jcommon-1.0.17.jar org.jfree:jcommon:1.0.17    0 23
jfreechart-1.0.14.jar org.jfree:jfreechart:1.0.14    0 25
velocity-1.7.jar org.apache.velocity:velocity:1.7    0 33
velocity-tools-1.4.jar cpe:/a:apache:struts:1.4 velocity-tools:velocity-tools:1.4    0 Low 19
ezmorph-1.0.6.jar net.sf.ezmorph:ezmorph:1.0.6    0 22
json-lib-2.4-jdk15.jar com.hynnet:json-lib:2.4    0 15
commons-configuration-1.10.jar commons-configuration:commons-configuration:1.10    0 36
snuggletex-core-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-core:1.1.0   0 18
batik-css-1.7.jar cpe:/a:apache:batik:1.7 org.apache.xmlgraphics:batik-css:1.7  High 3 Highest 22
xmlgraphics-commons-1.3.1.jar org.apache.xmlgraphics:xmlgraphics-commons:1.3.1    0 25
jeuclid-core-3.1.5.jar net.sourceforge.jeuclid:jeuclid-core:3.1.5    0 22
snuggletex-jeuclid-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-jeuclid:1.1.0   0 18
serializer-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:serializer:2.7.1  High 1 Highest 26
xalan-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:xalan:2.7.1  High 1 Highest 40
wiki-renderer-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-renderer:5.3.x-SNAPSHOT   0 24
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
jackson-databind-2.3.1.jar cpe:/a:fasterxml:jackson:2.3.1
cpe:/a:fasterxml:jackson-databind:2.3.1 		com.fasterxml.jackson.core:jackson-databind:2.3.1  High 13 Highest 37
social-component-service-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-service:5.3.x-SNAPSHOT   0 26
itext-2.1.7.jar com.lowagie:itext:2.1.7    0 23
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
sac-1.3.jar org.w3c.css:sac:1.3    0 27
cssparser-0.9.18.jar net.sourceforge.cssparser:cssparser:0.9.18    0 27
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45 org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 		org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
bctsp-jdk15-1.45.jar org.bouncycastle:bctsp-jdk15:1.45    0 24
mchange-commons-java-0.2.3.4.jar com.mchange:mchange-commons-java:0.2.3.4    0 19
c3p0-0.9.2.1.jar cpe:/a:mchange:c3p0:0.9.2.1 com.mchange:c3p0:0.9.2.1  Medium 1 Highest 24
hibernate-c3p0-4.2.21.Final.jar org.hibernate:hibernate-c3p0:4.2.21.Final    0 32
exo.core.component.organization.jdbc-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.organization.jdbc:5.3.x-SNAPSHOT   0 22
jrcs.rcs-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.rcs:0.4.2    0 17
flying-saucer-core-9.0.8.jar org.xhtmlrenderer:flying-saucer-core:9.0.8    0 21
flying-saucer-pdf-9.0.8.jar org.xhtmlrenderer:flying-saucer-pdf:9.0.8    0 23
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
wiki-service-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-service:5.3.x-SNAPSHOT   0 26
wiki-macros-iframe-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-macros-iframe:5.3.x-SNAPSHOT   0 26
jython-standalone-2.5.4-rc1.jar cpe:/a:jython_project:jython:2.5.4.rc1 org.python:jython-standalone:2.5.4-rc1    0 Low 10
pygments-1.6.jar cpe:/a:pygments:pygments:1.6 org.pygments:pygments:1.6  High 1 Highest 18
jdom2-2.0.5.jar org.jdom:jdom2:2.0.5    0 43
wiki-webui-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-webui:5.3.x-SNAPSHOT   0 26
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
pc-portlet-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:5.3.x-SNAPSHOT   0 27
pc-federation-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:5.3.x-SNAPSHOT   0 29
pc-bridge-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:5.3.x-SNAPSHOT   0 27
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
json-20070829.jar org.json:json:20070829    0 23
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
joda-time-2.4.jar joda-time:joda-time:2.4    0 34
ehcache-core-2.6.9.jar net.sf.ehcache:ehcache-core:2.6.9    0 19
juel-impl-2.2.7.jar de.odysseus.juel:juel-impl:2.2.7    0 26
el-api-6.0.41.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.41
cpe:/a:apache:tomcat:6.0.41
cpe:/a:apache_software_foundation:tomcat:6.0.41 		org.apache.tomcat:el-api:6.0.41  High 22 Highest 19
jasper-el-6.0.41.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.41
cpe:/a:apache:tomcat:6.0.41
cpe:/a:apache_software_foundation:tomcat:6.0.41
cpe:/a:jasper_project:jasper:6.0.41 		org.apache.tomcat:jasper-el:6.0.41  High 22 Highest 21
shindig-common-2.5.2.jar cpe:/a:apache:shindig:2.5.2 org.apache.shindig:shindig-common:2.5.2    0 Low 26
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235
cpe:/a:processing:processing:2.0.235 		com.jhlabs:filters:2.0.235  Medium 2 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
aopalliance-1.0.jar aopalliance:aopalliance:1.0    0 20
guice-3.0.jar com.google.inject:guice:3.0    0 29
guice-multibindings-3.0.jar com.google.inject.extensions:guice-multibindings:3.0    0 29
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
oauth-provider-20100527.jar net.oauth.core:oauth-provider:20100527    0 18
oauth-consumer-20090617.jar net.oauth.core:oauth-consumer:20090617   0 17
oauth-httpclient4-20090913.jar net.oauth.core:oauth-httpclient4:20090913   0 20
geronimo-stax-api_1.0_spec-1.0.1.jar org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1    0 26
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
xml-apis-1.4.01.jar xml-apis:xml-apis:1.4.01    0 49
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
platform-ui-skin-5.3.x-SNAPSHOT.war org.exoplatform.platform-ui:platform-ui-skin:5.3.x-SNAPSHOT   0 26
javaparser-1.0.8.jar com.google.code.javaparser:javaparser:1.0.8   0 20
chromattic.testgenerator-1.3.0.jar org.chromattic:chromattic.testgenerator:1.3.0    0 23
modules-0.3.2.jar rome:modules:0.3.2    0 24
jackson-databind-2.4.2.jar cpe:/a:fasterxml:jackson-databind:2.4.2
cpe:/a:fasterxml:jackson:2.4.2 		com.fasterxml.jackson.core:jackson-databind:2.4.2  High 13 Highest 37
protobuf-java-3.0.2.jar cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2  Medium 1 Highest 29
jsr305-3.0.1.jar com.google.code.findbugs:jsr305:3.0.1    0 23
platform-exo-gadget-pack-gadget-pack-services-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-exo-gadget-pack-gadget-pack-services:5.3.x-SNAPSHOT   0 28
juzu-core-1.2.x-SNAPSHOT.jar org.juzu:juzu-core:1.2.x-SNAPSHOT   0 21
commons-juzu-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-juzu:5.3.x-SNAPSHOT   0 28
rhino-1.7R3.jar org.mozilla:rhino:1.7R3    0 26
juzu-plugins-less-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-less:1.2.x-SNAPSHOT   0 24
juzu-plugins-portlet-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-portlet:1.2.x-SNAPSHOT   0 24
juzu-plugins-upload-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-upload:1.2.x-SNAPSHOT   0 24
platform-welcome-screens-component-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-welcome-screens-component:5.3.x-SNAPSHOT   0 24
joda-time-2.2.jar joda-time:joda-time:2.2    0 34
xml-apis-1.0.b2.jar xml-apis:xml-apis:1.0.b2    0 43
platform-sample-gadgets-sample-service-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-sample-gadgets-sample-service:5.3.x-SNAPSHOT   0 24
jackson-annotations-2.3.0.jar cpe:/a:fasterxml:jackson:2.3.0 com.fasterxml.jackson.core:jackson-annotations:2.3.0    0 Low 37
jackson-core-2.3.1.jar cpe:/a:fasterxml:jackson:2.3.1 com.fasterxml.jackson.core:jackson-core:2.3.1    0 Low 37
jboss-transaction-api_1.1_spec-1.0.1.Final.jar org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.1.Final    0 38
juzu-plugins-validation-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-validation:1.2.x-SNAPSHOT   0 24
protobuf-java-2.5.0.jar cpe:/a:google:protobuf:2.5.0 com.google.protobuf:protobuf-java:2.5.0  Medium 1 Highest 29
less4j-1.4.0.jar com.github.sommeri:less4j:1.4.0    0 24
juzu-plugins-less4j-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-less4j:1.2.x-SNAPSHOT   0 25
webjars-locator-0.4.jar org.webjars:webjars-locator:0.4    0 19
juzu-plugins-webjars-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-webjars:1.2.x-SNAPSHOT   0 23
sso-integration-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.sso:sso-integration:5.3.x-SNAPSHOT   0 31
sso-agent-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.sso:sso-agent:5.3.x-SNAPSHOT   0 29
ccpp-1.0.jar javax.ccpp:ccpp:1.0    0 20
portals-bridges-common-1.0.4.jar org.apache.portals.bridges:portals-bridges-common:1.0.4    0 25
asm-3.1.jar asm:asm:3.1    0 18
cglib-2.2.jar cglib:cglib:2.2    0 20
chromattic.cglib-1.3.0.jar org.chromattic:chromattic.cglib:1.3.0    0 23
chromattic.groovy-1.3.0.jar org.chromattic:chromattic.groovy:1.3.0    0 23
chromattic.dataobject-1.3.0.jar org.chromattic:chromattic.dataobject:1.3.0    0 23
commons-file-storage-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-file-storage:5.3.x-SNAPSHOT   0 26
integ-calendar-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-calendar-social:5.3.x-SNAPSHOT   0 26
social-component-core-jpa-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-core-jpa:5.3.x-SNAPSHOT   0 26
integ-ecms-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-ecms-social:5.3.x-SNAPSHOT   0 26
forum-component-bbcode-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-bbcode:5.3.x-SNAPSHOT   0 26
integ-forum-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-forum-social:5.3.x-SNAPSHOT   0 28
integ-social-ecms-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-social-ecms:5.3.x-SNAPSHOT   0 26
integ-wiki-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-wiki-social:5.3.x-SNAPSHOT   0 26
antlr-runtime-3.4.jar org.antlr:antlr-runtime:3.4    0 25
platform-component-edition-community-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-edition-community:5.3.x-SNAPSHOT   0 26
platform-component-gadgets-5.3.x-SNAPSHOT.jar cpe:/a:user_dashboard_project:user_dashboard:5.3 org.exoplatform.platform:platform-component-gadgets:5.3.x-SNAPSHOT   0 Low 28
platform-component-organization-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-organization:5.3.x-SNAPSHOT   0 24
platform-component-upgrade-plugins-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-upgrade-plugins:5.3.x-SNAPSHOT   0 24
platform-extension-config-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-extension-config:5.3.x-SNAPSHOT   0 24
redirect-5.3.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:5.3 org.gatein.web:redirect:5.3.x-SNAPSHOT   0 Low 27
hibernate-validator-4.2.0.Final.jar cpe:/a:bean_project:bean:4.2.0 org.hibernate:hibernate-validator:4.2.0.Final    0 Low 27
ehcache-core-2.6.9.jar: sizeof-agent.jar net.sf.ehcache:sizeof-agent:1.0.1   0 26
jython-standalone-2.5.4-rc1.jar: jline64.dll   0 4
jython-standalone-2.5.4-rc1.jar: jline32.dll   0 4
jython-standalone-2.5.4-rc1.jar: wininst-7.1.exe   0 4
jython-standalone-2.5.4-rc1.jar: wininst-6.exe   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.4.2   0 Low 16
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml org.yaml:snakeyaml:1.12   0 11
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml jline:jline:0.9.95-SNAPSHOT   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml org.antlr:antlr-runtime:3.1.3   0 15
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml cpe:/a:jruby:jruby:1.1.4 org.jruby.ext.posix:jnr-posix:1.1.4 High 3 Highest 9
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml cpe:/a:values_project:values:0.7 org.jruby.extras:constantine:0.7   0 Low 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml org.jruby.extras:jaffl:0.5.1   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml cpe:/a:jruby:jruby:1.0.1 org.jruby.extras:jffi:1.0.1 High 3 Highest 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml org.jruby.extras:jnr-netdb:0.4   0 11
hibernate-validator-4.2.0.Final.jar/META-INF/maven/com.googlecode.jtype/jtype/pom.xml com.googlecode.jtype:jtype:0.1.1   0 12

Dependencies

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

commons-httpclient-3.1.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • cpe: cpe:/a:apache:httpclient:3.1   Confidence:Low   
  • cpe: cpe:/a:apache:commons-httpclient:3.1   Confidence:Low   
  • maven: commons-httpclient:commons-httpclient:3.1    Confidence:Highest

ical4j-1.0-beta5.jar

Description:  A Java library for reading and writing iCalendar (*.ics) files

License:

iCal4j - License: LICENSE
File Path: /home/ciagent/.m2/repository/ical4j/ical4j/1.0-beta5/ical4j-1.0-beta5.jar
MD5: 6da73e184e456aebd7bd81923c8cccce
SHA1: 6c19c4eec102ae28871c8765fc8d60dc60df93ec
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • maven: ical4j:ical4j:1.0-beta5   Confidence:High

jackrabbit-webdav-1.6.5.jar

Description: WebDAV library used by the Jackrabbit WebDAV support

File Path: /home/ciagent/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/1.6.5/jackrabbit-webdav-1.6.5.jar
MD5: 1d573cf67bcff173d91dd1d194334b66
SHA1: 5afbee7ce7bcf1c47d7e54e24afcd533cb6776ae
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

CVE-2015-1833  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Vulnerable Software & Versions: (show all)

rome-1.0.jar

Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.

File Path: /home/ciagent/.m2/repository/rome/rome/1.0/rome-1.0.jar
MD5: 53d38c030287b939f4e6d745ba1269a7
SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

calendar-service-5.3.x-SNAPSHOT.jar

Description: eXo Calendar Service

File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-service/5.3.x-SNAPSHOT/calendar-service-5.3.x-SNAPSHOT.jar
MD5: 3a1223ff975f2a40aff762333f37b012
SHA1: 2b289427304740efaa20dd853a646966ad711060
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • maven: org.exoplatform.calendar:calendar-service:5.3.x-SNAPSHOT   Confidence:High

commons-webui-ext-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-ext/5.3.x-SNAPSHOT/commons-webui-ext-5.3.x-SNAPSHOT.jar
MD5: 21e85e2bf15d4ab08eaa0374f2b2b4f7
SHA1: 3ef63b11d132511df342085a73b563a8e98f72dc
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • maven: org.exoplatform.commons:commons-webui-ext:5.3.x-SNAPSHOT   Confidence:High

calendar-component-create-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-component-create/5.3.x-SNAPSHOT/calendar-component-create-5.3.x-SNAPSHOT.jar
MD5: dcef293c3d5c28a7d014fc6f69c9b5fc
SHA1: a0b6b594ac8fbff97d2b0a7ee8c90dd18778041c
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime

Identifiers

  • maven: org.exoplatform.calendar:calendar-component-create:5.3.x-SNAPSHOT   Confidence:High

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

reflext.api-1.1.0.jar

Description: The Reflext Framework API

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

reflext.core-1.1.0.jar

Description: The Reflect Framework Core

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

reflext.spi-1.1.0.jar

Description: The Reflext Framework SPI

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

reflext.apt-1.1.0.jar

Description: The Reflext Framework Annotation Processing Tool Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

chromattic.apt-1.3.0.jar

Description: Chromattic Framework APT Plugin

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

reflext.jlr-1.1.0.jar

Description: The Reflext Framework Java Lang Reflect Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

chromattic.core-1.3.0.jar

Description: Chromattic Framework Core

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: Platform - Extension Webapp:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

commons-api-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-api/5.3.x-SNAPSHOT/commons-api-5.3.x-SNAPSHOT.jar
MD5: 2c3b7dfa120a9e5572d3b2c600e4ca02
SHA1: 3405ca34dc1ae7aa88efe1c0c1f2eb4168dd3c60
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • maven: org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT   Confidence:High

exo.ws.commons-5.3.x-SNAPSHOT.jar

Description: Implementation of Commons Utils for Exoplatform SAS 'Web Services' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.commons/5.3.x-SNAPSHOT/exo.ws.commons-5.3.x-SNAPSHOT.jar
MD5: 916508b41039c72e9c729da2a0093689
SHA1: e3f538d0cc5bcf6360c9e00a0a4a4faabaf4ec6f
Referenced In Projects/Scopes:

  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Platform - Component Gadgets:compile
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

  • cpe: cpe:/a:ws_project:ws:5.3.20190523   Confidence:Low   
  • maven: org.exoplatform.ws:exo.ws.commons:5.3.x-SNAPSHOT   Confidence:High

bayeux-api-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

cometd-java-common-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

cometd-java-websocket-javax-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

cometd-java-websocket-common-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

cometd-java-annotations-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile
  • eXo PLF:: Platform - Extension Webapp:runtime
  • eXo PLF:: Platform - Register your Software to Tribe:compile
  • eXo PLF:: Platform - Common:compile

Identifiers

jetty-io-9.2.14.v20151106.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Projects/Scopes:
  • eXo PLF:: Platform - Branding Portlet:compile
  • eXo PLF:: Platform - Acme Intranet Webapp:runtime
  • eXo PLF:: Platform - Upgrade Sample:compile
  • eXo PLF:: Welcome Screens Webapp:compile
  • eXo PLF:: Platform - Gadgets:runtime
  • eXo PLF:: Gadget Pack - Services:compile
  • eXo PLF:: welcome-screens Services:compile
  • eXo PLF:: UXP Navigation:compile
  • eXo PLF:: Platform - Organization Model Integration:compile
  • eXo PLF:: Notification Administration Portlet:compile
  • eXo PLF:: Platform component WebUI:compile
  • eXo PLF:: Gadget Pack - Gadgets:runtime
  • eXo PLF:: Platform Oauth authentication and authorization:compile
  • eXo PLF:: Platform - Upgrade plugins:compile
  • eXo PLF:: Platform - Service Gadgets:compile
  • eXo PLF:: Platform - HomePage Portlets:compile
  • eXo PLF:: WAI Template WAR:runtime
  • eXo PLF:: Platform - Navigation Portlet:compile