Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Platform - Extension Webapp

org.exoplatform.platform:platform-extension-webapp:5.3.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
juzu-core-1.2.x-SNAPSHOT.jar org.juzu:juzu-core:1.2.x-SNAPSHOT   0 21
juzu-plugins-validation-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-validation:1.2.x-SNAPSHOT   0 24
protobuf-java-2.5.0.jar cpe:/a:google:protobuf:2.5.0 com.google.protobuf:protobuf-java:2.5.0  Medium 1 Highest 29
less4j-1.4.0.jar com.github.sommeri:less4j:1.4.0    0 24
juzu-plugins-less4j-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-less4j:1.2.x-SNAPSHOT   0 25
webjars-locator-0.4.jar org.webjars:webjars-locator:0.4    0 19
juzu-plugins-webjars-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-webjars:1.2.x-SNAPSHOT   0 23
juzu-plugins-portlet-1.2.x-SNAPSHOT.jar org.juzu:juzu-plugins-portlet:1.2.x-SNAPSHOT   0 24
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
chromattic.testgenerator-1.3.0.jar org.chromattic:chromattic.testgenerator:1.3.0    0 23
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
commons-component-product-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT   0 26
exo.core.component.security.core-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT   0 22
mime-util-2.1.3.jar eu.medsea.mimeutil:mime-util:2.1.3    0 30
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
slf4j-api-1.7.18.jar org.slf4j:slf4j-api:1.7.18    0 31
exo.kernel.commons-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT   0 22
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 1 Low 34
wci-wci-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT   0 24
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
chromattic.core-1.3.0.jar org.chromattic:chromattic.core:1.3.0    0 23
social-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-common:5.3.x-SNAPSHOT   0 26
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
joda-time-2.4.jar joda-time:joda-time:2.4    0 34
ehcache-core-2.6.9.jar net.sf.ehcache:ehcache-core:2.6.9    0 19
juel-impl-2.2.7.jar de.odysseus.juel:juel-impl:2.2.7    0 26
shindig-common-2.5.2.jar cpe:/a:apache:shindig:2.5.2 org.apache.shindig:shindig-common:2.5.2    0 Low 26
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235
cpe:/a:processing:processing:2.0.235
com.jhlabs:filters:2.0.235  Medium 2 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
caja-r5054.jar com.google.caja:caja:r5054   0 23
htmlparser-r4209.jar caja:htmlparser:r4209   0 24
oauth-20100527.jar net.oauth.core:oauth:20100527    0 18
oauth-consumer-20090617.jar net.oauth.core:oauth-consumer:20090617   0 17
oauth-httpclient4-20090913.jar net.oauth.core:oauth-httpclient4:20090913   0 20
oauth-provider-20100527.jar net.oauth.core:oauth-provider:20100527    0 18
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
aopalliance-1.0.jar aopalliance:aopalliance:1.0    0 20
guice-3.0.jar com.google.inject:guice:3.0    0 29
guice-multibindings-3.0.jar com.google.inject.extensions:guice-multibindings:3.0    0 29
nekohtml-1.9.22.jar net.sourceforge.nekohtml:nekohtml:1.9.22    0 20
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
sanselan-0.97-incubator.jar org.apache.sanselan:sanselan:0.97-incubator    0 35
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
gson-2.7.jar com.google.code.gson:gson:2.7    0 35
jsr305-3.0.1.jar com.google.code.findbugs:jsr305:3.0.1    0 23
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
social-component-core-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-core:5.3.x-SNAPSHOT   0 26
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
pc-api-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:5.3.x-SNAPSHOT   0 27
exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:5.3.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:5.3.x-SNAPSHOT Medium 3 Highest 22
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
sso-integration-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.sso:sso-integration:5.3.x-SNAPSHOT   0 31
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
sso-agent-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.sso:sso-agent:5.3.x-SNAPSHOT   0 29
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 1 Highest 53
ccpp-1.0.jar javax.ccpp:ccpp:1.0    0 20
portals-bridges-common-1.0.4.jar org.apache.portals.bridges:portals-bridges-common:1.0.4    0 25
asm-3.1.jar asm:asm:3.1    0 18
cglib-2.2.jar cglib:cglib:2.2    0 20
chromattic.cglib-1.3.0.jar org.chromattic:chromattic.cglib:1.3.0    0 23
javaparser-1.0.8.jar com.google.code.javaparser:javaparser:1.0.8   0 20
chromattic.groovy-1.3.0.jar org.chromattic:chromattic.groovy:1.3.0    0 23
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar cpe:/a:processing:processing:5.3 org.exoplatform.core:exo.core.component.xml-processing:5.3.x-SNAPSHOT   0 Low 22
exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:5.3.x-SNAPSHOT   0 22
chromattic.dataobject-1.3.0.jar org.chromattic:chromattic.dataobject:1.3.0    0 23
commons-webui-component-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:5.3.x-SNAPSHOT   0 24
commons-api-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT   0 26
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106
cpe:/a:eclipse:jetty:9.2.14.v20151106
org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:5.3.x-SNAPSHOT   0 26
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
c3p0-0.9.1.1.jar cpe:/a:mchange:c3p0:0.9.1.1 c3p0:c3p0:0.9.1.1  Medium 1 Highest 23
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
owasp-java-html-sanitizer-20160413.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20160413.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160413.1    0 Low 21
jrcs.diff-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.diff:0.4.2    0 17
ecs-1.4.2.jar ecs:ecs:1.4.2    0 14
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 31
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
jackson-core-2.4.2.jar cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.core:jackson-core:2.4.2    0 Low 37
jackson-annotations-2.4.0.jar cpe:/a:fasterxml:jackson:2.4.0 com.fasterxml.jackson.core:jackson-annotations:2.4.0    0 Low 37
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4    0 29
jackson-dataformat-xml-2.4.2.jar cpe:/a:fasterxml:jackson-databind:2.4.2
cpe:/a:fasterxml:jackson:2.4.2
com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.4.2  High 13 Highest 37
swagger-annotations-1.5.0.jar io.swagger:swagger-annotations:1.5.0    0 24
swagger-models-1.5.0.jar io.swagger:swagger-models:1.5.0    0 24
swagger-core-1.5.0.jar io.swagger:swagger-core:1.5.0    0 17
annotations-2.0.1.jar com.google.code.findbugs:annotations:2.0.1    0 23
reflections-0.9.9.jar org.reflections:reflections:0.9.9    0 19
swagger-jaxrs-1.5.0.jar io.swagger:swagger-jaxrs:1.5.0    0 17
commons-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-common:5.3.x-SNAPSHOT   0 26
commons-component-upgrade-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-upgrade:5.3.x-SNAPSHOT   0 26
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 23
commons-httpclient-3.1.jar cpe:/a:apache:httpclient:3.1
cpe:/a:apache:commons-httpclient:3.1
commons-httpclient:commons-httpclient:3.1    0 Low 24
commons-search-5.3.x-SNAPSHOT.jar cpe:/a:pro_search:pro_search:5.3 org.exoplatform.commons:commons-search:5.3.x-SNAPSHOT   0 Low 24
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
commons-file-storage-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-file-storage:5.3.x-SNAPSHOT   0 26
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.core.component.database-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:5.3.x-SNAPSHOT   0 22
exo.core.component.organization.api-5.3.x-SNAPSHOT.jar cpe:/a:api-platform:core:5.3 org.exoplatform.core:exo.core.component.organization.api:5.3.x-SNAPSHOT   0 Low 22
jdom-1.0.jar jdom:jdom:1.0    0 33
itunes-com-podcast-0.2.jar cpe:/a:apple:itunes:0.2 com.totsp.feedpod:itunes-com-podcast:0.2  High 584 Low 29
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
jurt-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1
org.openoffice:jurt:3.2.1  High 8 Highest 18
juh-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1
org.openoffice:juh:3.2.1  High 8 Highest 20
ridl-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1
org.openoffice:ridl:3.2.1  High 8 Highest 18
unoil-3.2.1.jar cpe:/a:openoffice:openoffice.org:3.2.1
cpe:/a:openoffice:openoffice:3.2.1
org.openoffice:unoil:3.2.1  High 8 Highest 18
jodconverter-core-3.0-eXo03.jar org.artofsolving.jodconverter:jodconverter-core:3.0-eXo03   0 21
exo-jcr-services-5.3.x-SNAPSHOT.jar org.exoplatform:exo-jcr-services:5.3.x-SNAPSHOT   0 24
commons-webui-ext-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-ext:5.3.x-SNAPSHOT   0 24
exo.jcr.component.webdav-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.webdav:5.3.x-SNAPSHOT   0 22
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:5.3.x-SNAPSHOT   0 24
exo.ws.commons-5.3.x-SNAPSHOT.jar cpe:/a:ws_project:ws:5.3.20190523 org.exoplatform.ws:exo.ws.commons:5.3.x-SNAPSHOT   0 Low 24
jai-core-1.1.3.jar javax.media:jai-core:1.1.3   0 21
jai-codec-1.1.3.jar com.sun.media:jai-codec:1.1.3   0 22
icepdf-core-5.1.1.jar org.icepdf.os:icepdf-core:5.1.1   0 17
imgscalr-lib-4.2.jar org.imgscalr:imgscalr-lib:4.2    0 23
jdom-1.1.3.jar org.jdom:jdom:1.1.3    0 44
rome-1.0.jar rome:rome:1.0    0 32
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
ecms-core-services-5.3.x-SNAPSHOT.jar cpe:/a:no-cms_project:no-cms:5.3 org.exoplatform.ecms:ecms-core-services:5.3.x-SNAPSHOT   0 Low 28
ical4j-1.0-beta5.jar ical4j:ical4j:1.0-beta5   0 21
jackrabbit-webdav-1.6.5.jar cpe:/a:apache:jackrabbit:1.6.5 org.apache.jackrabbit:jackrabbit-webdav:1.6.5  Medium 1 Low 26
calendar-service-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-service:5.3.x-SNAPSHOT   0 28
exo.portal.webui.core-5.3.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:5.3 org.exoplatform.gatein.portal:exo.portal.webui.core:5.3.x-SNAPSHOT   0 Low 27
integ-calendar-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-calendar-social:5.3.x-SNAPSHOT   0 26
ecms-core-publication-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-publication:5.3.x-SNAPSHOT   0 26
ecms-core-search-5.3.x-SNAPSHOT.jar cpe:/a:pro_search:pro_search:5.3 org.exoplatform.ecms:ecms-core-search:5.3.x-SNAPSHOT   0 Low 24
ecms-core-connector-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-connector:5.3.x-SNAPSHOT   0 26
ecms-core-webui-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-webui:5.3.x-SNAPSHOT   0 26
ecms-core-publication-plugins-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-publication-plugins:5.3.x-SNAPSHOT   0 26
ecms-core-viewer-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-viewer:5.3.x-SNAPSHOT   0 28
geronimo-stax-api_1.0_spec-1.0.1.jar org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1    0 26
ecms-ext-authoring-services-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-ext-authoring-services:5.3.x-SNAPSHOT   0 26
ecms-core-webui-explorer-5.3.x-SNAPSHOT.jar cpe:/a:content_project:content:5.3 org.exoplatform.ecms:ecms-core-webui-explorer:5.3.x-SNAPSHOT   0 Low 28
social-component-core-jpa-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-core-jpa:5.3.x-SNAPSHOT   0 26
social-component-notification-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-notification:5.3.x-SNAPSHOT   0 28
integ-ecms-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-ecms-social:5.3.x-SNAPSHOT   0 26
forum-component-rendering-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-rendering:5.3.x-SNAPSHOT   0 26
forum-application-common-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-application-common:5.3.x-SNAPSHOT   0 24
forum-component-bbcode-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-bbcode:5.3.x-SNAPSHOT   0 26
forum-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-component-common:5.3.x-SNAPSHOT   0 24
forum-forum-service-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-forum-service:5.3.x-SNAPSHOT   0 26
integ-forum-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-forum-social:5.3.x-SNAPSHOT   0 28
jackson-databind-2.3.1.jar cpe:/a:fasterxml:jackson:2.3.1
cpe:/a:fasterxml:jackson-databind:2.3.1
com.fasterxml.jackson.core:jackson-databind:2.3.1  High 13 Highest 37
social-component-service-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-service:5.3.x-SNAPSHOT   0 26
json-20070829.jar org.json:json:20070829    0 23
integ-social-ecms-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-social-ecms:5.3.x-SNAPSHOT   0 26
htmlcleaner-2.7.jar cpe:/a:htmlcleaner_project:htmlcleaner:2.7 net.sourceforge.htmlcleaner:htmlcleaner:2.7    0 Low 20
stax-utils-20070216.jar net.java.dev.stax-utils:stax-utils:20070216    0 20
xwiki-commons-xml-5.4.7.jar cpe:/a:xwiki:xwiki:5.4.7 org.xwiki.commons:xwiki-commons-xml:5.4.7 Low 1 Low 26
jcommon-1.0.17.jar org.jfree:jcommon:1.0.17    0 23
jfreechart-1.0.14.jar org.jfree:jfreechart:1.0.14    0 25
velocity-1.7.jar org.apache.velocity:velocity:1.7    0 33
velocity-tools-1.4.jar cpe:/a:apache:struts:1.4 velocity-tools:velocity-tools:1.4    0 Low 19
ezmorph-1.0.6.jar net.sf.ezmorph:ezmorph:1.0.6    0 22
json-lib-2.4-jdk15.jar com.hynnet:json-lib:2.4    0 15
commons-configuration-1.10.jar commons-configuration:commons-configuration:1.10    0 36
snuggletex-core-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-core:1.1.0   0 18
batik-css-1.7.jar cpe:/a:apache:batik:1.7 org.apache.xmlgraphics:batik-css:1.7  High 3 Highest 22
xmlgraphics-commons-1.3.1.jar org.apache.xmlgraphics:xmlgraphics-commons:1.3.1    0 25
jeuclid-core-3.1.5.jar net.sourceforge.jeuclid:jeuclid-core:3.1.5    0 22
snuggletex-jeuclid-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-jeuclid:1.1.0   0 18
serializer-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:serializer:2.7.1  High 1 Highest 26
xalan-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:xalan:2.7.1  High 1 Highest 40
wiki-renderer-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-renderer:5.3.x-SNAPSHOT   0 24
integ-wiki-social-5.3.x-SNAPSHOT.jar org.exoplatform.integration:integ-wiki-social:5.3.x-SNAPSHOT   0 26
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons-compress:1.5 org.apache.commons:commons-compress:1.5    0 Low 39
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar org.ow2.asm:asm-debug-all:4.1    0 28
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:5.3.x-SNAPSHOT   0 22
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar org.antlr:stringtemplate:3.2.1    0 23
antlr-runtime-3.4.jar org.antlr:antlr-runtime:3.4    0 25
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:5.3.x-SNAPSHOT   0 22
exo.jcr.component.ext-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:5.3.x-SNAPSHOT   0 22
exo.kernel.component.cache-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:5.3.x-SNAPSHOT   0 22
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 41
exo.kernel.component.common-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:5.3.x-SNAPSHOT   0 24
calendar-webservice-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-webservice:5.3.x-SNAPSHOT   0 26
platform-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-common:5.3.x-SNAPSHOT   0 25
platform-component-edition-community-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-edition-community:5.3.x-SNAPSHOT   0 25
platform-component-gadgets-5.3.x-SNAPSHOT.jar cpe:/a:user_dashboard_project:user_dashboard:5.3 org.exoplatform.platform:platform-component-gadgets:5.3.x-SNAPSHOT   0 Low 27
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
platform-component-organization-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-organization:5.3.x-SNAPSHOT   0 25
platform-component-upgrade-plugins-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-upgrade-plugins:5.3.x-SNAPSHOT   0 25
platform-extension-config-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-extension-config:5.3.x-SNAPSHOT   0 25
calendar-component-create-5.3.x-SNAPSHOT.jar org.exoplatform.calendar:calendar-component-create:5.3.x-SNAPSHOT   0 24
ecms-core-webui-seo-5.3.x-SNAPSHOT.jar cpe:/a:content_project:content:5.3.20190524 org.exoplatform.ecms:ecms-core-webui-seo:5.3.x-SNAPSHOT   0 Low 28
forum-application-create-5.3.x-SNAPSHOT.jar org.exoplatform.forum:forum-application-create:5.3.x-SNAPSHOT   0 26
platform-component-uxpnavigation-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-uxpnavigation:5.3.x-SNAPSHOT   0 25
ecms-core-webui-administration-5.3.x-SNAPSHOT.jar org.exoplatform.ecms:ecms-core-webui-administration:5.3.x-SNAPSHOT   0 26
platform-component-webui-5.3.x-SNAPSHOT.jar org.exoplatform.platform:platform-component-webui:5.3.x-SNAPSHOT   0 25
wiki-macros-iframe-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-macros-iframe:5.3.x-SNAPSHOT   0 26
jython-standalone-2.5.4-rc1.jar cpe:/a:jython_project:jython:2.5.4.rc1 org.python:jython-standalone:2.5.4-rc1    0 Low 10
pygments-1.6.jar cpe:/a:pygments:pygments:1.6 org.pygments:pygments:1.6  High 1 Highest 18
jdom2-2.0.5.jar org.jdom:jdom2:2.0.5    0 43
wiki-webui-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-webui:5.3.x-SNAPSHOT   0 26
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5
org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
google-http-client-1.14.1-beta.jar com.google.http-client:google-http-client:1.14.1-beta    0 24
google-oauth-client-1.14.1-beta.jar com.google.oauth-client:google-oauth-client:1.14.1-beta    0 24
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
social-component-webui-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-webui:5.3.x-SNAPSHOT   0 28
gwt-servlet-2.6.1.jar cpe:/a:google:protobuf:2.5.0
cpe:/a:google:protobuf:2.6.1
com.google.gwt:gwt-servlet:2.6.1  Medium 1 Highest 27
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
itext-2.1.7.jar com.lowagie:itext:2.1.7    0 23
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
sac-1.3.jar org.w3c.css:sac:1.3    0 27
cssparser-0.9.18.jar net.sourceforge.cssparser:cssparser:0.9.18    0 27
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45 org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45
org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
bctsp-jdk15-1.45.jar org.bouncycastle:bctsp-jdk15:1.45    0 24
mchange-commons-java-0.2.3.4.jar com.mchange:mchange-commons-java:0.2.3.4    0 19
c3p0-0.9.2.1.jar cpe:/a:mchange:c3p0:0.9.2.1 com.mchange:c3p0:0.9.2.1  Medium 1 Highest 24
hibernate-c3p0-4.2.21.Final.jar org.hibernate:hibernate-c3p0:4.2.21.Final    0 32
exo.core.component.organization.jdbc-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.organization.jdbc:5.3.x-SNAPSHOT   0 22
jrcs.rcs-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.rcs:0.4.2    0 17
flying-saucer-core-9.0.8.jar org.xhtmlrenderer:flying-saucer-core:9.0.8    0 21
flying-saucer-pdf-9.0.8.jar org.xhtmlrenderer:flying-saucer-pdf:9.0.8    0 23
wiki-service-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-service:5.3.x-SNAPSHOT   0 26
exo.ws.rest.core-5.3.x-SNAPSHOT.jar cpe:/a:ws_project:ws:5.3 org.exoplatform.ws:exo.ws.rest.core:5.3.x-SNAPSHOT   0 Low 24
pc-portlet-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:5.3.x-SNAPSHOT   0 27
pc-federation-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:5.3.x-SNAPSHOT   0 29
pc-bridge-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:5.3.x-SNAPSHOT   0 27
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
redirect-5.3.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:5.3 org.gatein.web:redirect:5.3.x-SNAPSHOT   0 Low 27
hibernate-validator-4.2.0.Final.jar cpe:/a:bean_project:bean:4.2.0 org.hibernate:hibernate-validator:4.2.0.Final    0 Low 27
ehcache-core-2.6.9.jar: sizeof-agent.jar net.sf.ehcache:sizeof-agent:1.0.1   0 26
jython-standalone-2.5.4-rc1.jar: jline64.dll   0 4
jython-standalone-2.5.4-rc1.jar: jline32.dll   0 4
jython-standalone-2.5.4-rc1.jar: wininst-7.1.exe   0 4
jython-standalone-2.5.4-rc1.jar: wininst-6.exe   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2 Medium 1 Highest 13
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.4.2   0 Low 16
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml org.yaml:snakeyaml:1.12   0 11
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13
jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml jline:jline:0.9.95-SNAPSHOT   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml org.antlr:antlr-runtime:3.1.3   0 15
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml cpe:/a:jruby:jruby:1.1.4 org.jruby.ext.posix:jnr-posix:1.1.4 High 3 Highest 9
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml cpe:/a:values_project:values:0.7 org.jruby.extras:constantine:0.7   0 Low 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml org.jruby.extras:jaffl:0.5.1   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml cpe:/a:jruby:jruby:1.0.1 org.jruby.extras:jffi:1.0.1 High 3 Highest 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml org.jruby.extras:jnr-netdb:0.4   0 11
hibernate-validator-4.2.0.Final.jar/META-INF/maven/com.googlecode.jtype/jtype/pom.xml com.googlecode.jtype:jtype:0.1.1   0 12

Dependencies

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

groovy-all-2.4.12.jar

Description: Groovy: A powerful, dynamic language for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

juzu-core-1.2.x-SNAPSHOT.jar

Description: Where all the magic happens

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-core/1.2.x-SNAPSHOT/juzu-core-1.2.x-SNAPSHOT.jar
MD5: 42ecfca71160570f74a07cdc14111b47
SHA1: ae777cb6afe422a13fcd98906044be255e84b71d
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:provided

Identifiers

  • maven: org.juzu:juzu-core:1.2.x-SNAPSHOT   Confidence:High

juzu-plugins-validation-1.2.x-SNAPSHOT.jar

Description: The Validation plugin

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-validation/1.2.x-SNAPSHOT/juzu-plugins-validation-1.2.x-SNAPSHOT.jar
MD5: 93ff9535396d689bcf418d322f90196d
SHA1: 162bdd95acfb7ab6c70df5eb0002552713b02d20
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.juzu:juzu-plugins-validation:1.2.x-SNAPSHOT   Confidence:High

protobuf-java-2.5.0.jar

Description:  Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/protobuf/protobuf-java/2.5.0/protobuf-java-2.5.0.jar
MD5: a44473b98947e2a54c54e0db1387d137
SHA1: a10732c76bfacdbd633a7eb0f7968b1059a65dfa
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

less4j-1.4.0.jar

Description: Less language is an extension of css and less4j compiles it into regular css. It adds several dynamic features into css: variables, expressions, nested rules. Less4j is a port. The original compiler was written in JavaScript and is called less.js. The less language is mostly defined in less.js documentation/issues and by what less.js actually do. Links to less.js: * home page: http://lesscss.org/ * source code & issues: https://github.com/cloudhead/less.js

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
Eclipse Public License (EPL): http://www.eclipse.org/legal/epl-v10.html
Gnu General Public License, Version 3: http://www.gnu.org/licenses/gpl-3.0.html
File Path: /home/ciagent/.m2/repository/com/github/sommeri/less4j/1.4.0/less4j-1.4.0.jar
MD5: 599d020aa5e514142fc4acdfa0549ac8
SHA1: bce0d21fe039f12ffd2b8ac366ce7d9599ace27a
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

juzu-plugins-less4j-1.2.x-SNAPSHOT.jar

Description: The Less4j plugin

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-less4j/1.2.x-SNAPSHOT/juzu-plugins-less4j-1.2.x-SNAPSHOT.jar
MD5: 665113006d9db65af777462f89297a96
SHA1: 7dbf383adb993e3ce48f6f56d4940470521ce96a
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.juzu:juzu-plugins-less4j:1.2.x-SNAPSHOT   Confidence:High

webjars-locator-0.4.jar

Description: WebJar Locator

License:

None: http://webjars.org
File Path: /home/ciagent/.m2/repository/org/webjars/webjars-locator/0.4/webjars-locator-0.4.jar
MD5: 396406ea3c611d1448cf4ecf62500dc4
SHA1: 238a9af5803c4ed4321dedd281a0b1e01b8f6e7b
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

juzu-plugins-webjars-1.2.x-SNAPSHOT.jar

Description: The Webjars plugin

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-webjars/1.2.x-SNAPSHOT/juzu-plugins-webjars-1.2.x-SNAPSHOT.jar
MD5: dd3b96de45b9a676395e5f1c3a9cf64b
SHA1: 63ac95192c3605cc1ca05b97ecaf50951f453bc6
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.juzu:juzu-plugins-webjars:1.2.x-SNAPSHOT   Confidence:High

juzu-plugins-portlet-1.2.x-SNAPSHOT.jar

Description: The Portlet plugin

File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-portlet/1.2.x-SNAPSHOT/juzu-plugins-portlet-1.2.x-SNAPSHOT.jar
MD5: 8b0e860e2033b80a55b9410731d88094
SHA1: 41fea9540dc233af8ae0e7b8e4047af52730ba73
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:provided

Identifiers

  • maven: org.juzu:juzu-plugins-portlet:1.2.x-SNAPSHOT   Confidence:High

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

chromattic.api-1.3.0.jar

Description: Chromattic Framework API

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

chromattic.testgenerator-1.3.0.jar

Description: Chromattic Framework generator

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.testgenerator/1.3.0/chromattic.testgenerator-1.3.0.jar
MD5: 971802dfdfdc6500f1ff0e583a7659a1
SHA1: e725269db29a0fc8c982df481e5ce09b84e5d6a8
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:test-compile

Identifiers

chromattic.metamodel-1.3.0.jar

Description: Chromattic Framework Metamodel

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

reflext.api-1.1.0.jar

Description: The Reflext Framework API

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

reflext.core-1.1.0.jar

Description: The Reflect Framework Core

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

reflext.spi-1.1.0.jar

Description: The Reflext Framework SPI

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

reflext.apt-1.1.0.jar

Description: The Reflext Framework Annotation Processing Tool Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

chromattic.apt-1.3.0.jar

Description: Chromattic Framework APT Plugin

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

chromattic.common-1.3.0.jar

Description: Chromattic Framework Common

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

chromattic.ext-1.3.0.jar

Description: Chromattic Framework Extensions

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.ext/1.3.0/chromattic.ext-1.3.0.jar
MD5: a8482bb9fe7572e77a58627251740ee1
SHA1: ea3bd25892c827d9b830aea768de69e200a93165
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

chromattic.spi-1.3.0.jar

Description: Chromattic Framework SPI

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

commons-component-product-5.3.x-SNAPSHOT.jar

Description: Product informations: version, revision and build numbers

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-product/5.3.x-SNAPSHOT/commons-component-product-5.3.x-SNAPSHOT.jar
MD5: b8901f4806b4b15c95950919ab4e22cc
SHA1: 18deee3c16a7fbe462e1ffe37e4317fe89a9d24c
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT   Confidence:High

exo.core.component.security.core-5.3.x-SNAPSHOT.jar

Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/5.3.x-SNAPSHOT/exo.core.component.security.core-5.3.x-SNAPSHOT.jar
MD5: 488f425f279a0c228294112bce69f54a
SHA1: 851b19507264b0f4a9f19d3752df3b127276ce2a
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT   Confidence:High

mime-util-2.1.3.jar

Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

jakarta-regexp-1.4.jar

File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

xpp3-1.1.6.jar

Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

jcl-over-slf4j-1.7.18.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.18/jcl-over-slf4j-1.7.18.jar
MD5: 86c8f80da62e4640564effb9dff7e003
SHA1: eca71be00af2579564e9f3a23ce0b245ca79ee5d
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

slf4j-api-1.7.18.jar

Description: The slf4j API

File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.18/slf4j-api-1.7.18.jar
MD5: 1b1d1af21206ac5ae44cd79a6c04dd92
SHA1: b631d286463ced7cc42ee2171fe3beaed2836823
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

exo.kernel.commons-5.3.x-SNAPSHOT.jar

Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.3.x-SNAPSHOT/exo.kernel.commons-5.3.x-SNAPSHOT.jar
MD5: e45922985af7344ecbcca4bae3fc09ab
SHA1: c338e8e2fb4598959349acdf407306be46246113
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT   Confidence:High

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

wci-wci-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.3.x-SNAPSHOT/wci-wci-5.3.x-SNAPSHOT.jar
MD5: 2ab001252fa543ff2b30839d5d8b60ec
SHA1: 70f414374362f77fa7ec7a35797e32395bbf36ee
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT   Confidence:High

jibx-run-1.2.6.jar

Description: JiBX runtime code

License:

http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

cdi-api-1.0-SP4.jar

Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

exo.kernel.container-5.3.x-SNAPSHOT.jar

Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.3.x-SNAPSHOT/exo.kernel.container-5.3.x-SNAPSHOT.jar
MD5: e3a9fd28ca075c2222bbeed39e55297d
SHA1: 6a171b6b0e06e09151f08de470d69b3b5358489a
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT   Confidence:High

icu4j-56.1.jar

Description:  International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support

License:

ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /home/ciagent/.m2/repository/com/ibm/icu/icu4j/56.1/icu4j-56.1.jar
MD5: 7bd1a7a1295868726f991c7593dce442
SHA1: 8dd6671f52165a0419e6de5e1016400875a90fa9
Referenced In Project/Scope: eXo PLF:: Platform - Extension Webapp:compile