Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Wiki

org.exoplatform.wiki:wiki:5.3.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
platform-ui-skin-5.3.x-SNAPSHOT.war org.exoplatform.platform-ui:platform-ui-skin:5.3.x-SNAPSHOT   0 24
gwt-servlet-2.6.1.jar cpe:/a:google:protobuf:2.5.0
cpe:/a:google:protobuf:2.6.1 		com.google.gwt:gwt-servlet:2.6.1  Medium 1 Highest 27
smartgwt-lgpl-6.0-p20170514.jar cpe:/a:widgets_project:widgets:6.0.p20170514 com.isomorphic.smartgwt.lgpl:smartgwt-lgpl:6.0-p20170514 Medium 1 Low 14
xwiki-platform-gwt-dom-6.0.jar cpe:/a:xwiki:xwiki:6.0 org.xwiki.platform:xwiki-platform-gwt-dom:6.0 Low 1 Low 26
slf4j-api-1.7.18.jar org.slf4j:slf4j-api:1.7.18    0 31
javax.inject-1.jar javax.inject:javax.inject:1    0 20
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
jcommon-1.0.17.jar org.jfree:jcommon:1.0.17    0 23
jfreechart-1.0.14.jar org.jfree:jfreechart:1.0.14    0 25
velocity-1.7.jar org.apache.velocity:velocity:1.7    0 33
velocity-tools-1.4.jar cpe:/a:apache:struts:1.4 velocity-tools:velocity-tools:1.4    0 Low 19
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
jackson-core-2.3.1.jar cpe:/a:fasterxml:jackson:2.3.1 com.fasterxml.jackson.core:jackson-core:2.3.1    0 Low 37
jackson-annotations-2.3.0.jar cpe:/a:fasterxml:jackson:2.3.0 com.fasterxml.jackson.core:jackson-annotations:2.3.0    0 Low 37
jackson-databind-2.3.1.jar cpe:/a:fasterxml:jackson:2.3.1
cpe:/a:fasterxml:jackson-databind:2.3.1 		com.fasterxml.jackson.core:jackson-databind:2.3.1  High 13 Highest 37
ezmorph-1.0.6.jar net.sf.ezmorph:ezmorph:1.0.6    0 22
json-lib-2.4-jdk15.jar com.hynnet:json-lib:2.4    0 15
commons-configuration-1.10.jar commons-configuration:commons-configuration:1.10    0 36
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
commons-lang3-3.2.jar org.apache.commons:commons-lang3:3.2    0 37
rome-1.0.jar rome:rome:1.0    0 32
jdom-1.1.3.jar org.jdom:jdom:1.1.3    0 44
commons-httpclient-3.1.jar cpe:/a:apache:httpclient:3.1
cpe:/a:apache:commons-httpclient:3.1 		commons-httpclient:commons-httpclient:3.1    0 Low 24
snuggletex-core-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-core:1.1.0   0 18
batik-css-1.7.jar cpe:/a:apache:batik:1.7 org.apache.xmlgraphics:batik-css:1.7  High 3 Highest 22
xmlgraphics-commons-1.3.1.jar org.apache.xmlgraphics:xmlgraphics-commons:1.3.1    0 25
jeuclid-core-3.1.5.jar net.sourceforge.jeuclid:jeuclid-core:3.1.5    0 22
snuggletex-jeuclid-1.1.0.jar uk.ac.ed.ph.snuggletex:snuggletex-jeuclid:1.1.0   0 18
serializer-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:serializer:2.7.1  High 1 Highest 26
xalan-2.7.1.jar cpe:/a:apache:xalan-java:2.7.1 xalan:xalan:2.7.1  High 1 Highest 40
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 39
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons-compress:1.5 org.apache.commons:commons-compress:1.5    0 Low 39
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar org.ow2.asm:asm-debug-all:4.1    0 28
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 27
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:5.3.x-SNAPSHOT   0 22
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar org.antlr:stringtemplate:3.2.1    0 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:5.3.x-SNAPSHOT   0 22
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar cpe:/a:processing:processing:5.3 org.exoplatform.core:exo.core.component.xml-processing:5.3.x-SNAPSHOT   0 Low 22
exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:5.3.x-SNAPSHOT   0 22
exo.jcr.component.ext-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:5.3.x-SNAPSHOT   0 22
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 1 Highest 53
commons-webui-component-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:5.3.x-SNAPSHOT   0 24
commons-webui-ext-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-ext:5.3.x-SNAPSHOT   0 24
exo.kernel.component.cache-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:5.3.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
exo.core.component.organization.api-5.3.x-SNAPSHOT.jar cpe:/a:api-platform:core:5.3 org.exoplatform.core:exo.core.component.organization.api:5.3.x-SNAPSHOT   0 Low 22
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:5.3.x-SNAPSHOT   0 22
exo.core.component.security.core-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT   0 22
mime-util-2.1.3.jar eu.medsea.mimeutil:mime-util:2.1.3    0 30
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
exo.kernel.commons-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT   0 22
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 1 Low 34
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT   0 22
exo.portal.webui.core-5.3.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:5.3 org.exoplatform.gatein.portal:exo.portal.webui.core:5.3.x-SNAPSHOT   0 Low 27
htmlcleaner-2.7.jar cpe:/a:htmlcleaner_project:htmlcleaner:2.7 net.sourceforge.htmlcleaner:htmlcleaner:2.7    0 Low 20
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
stax-utils-20070216.jar net.java.dev.stax-utils:stax-utils:20070216    0 20
xwiki-commons-xml-5.4.7.jar cpe:/a:xwiki:xwiki:5.4.7 org.xwiki.commons:xwiki-commons-xml:5.4.7 Low 1 Low 26
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
wiki-renderer-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-renderer:5.3.x-SNAPSHOT   0 24
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 38
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.core-1.3.0.jar org.chromattic:chromattic.core:1.3.0    0 23
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
exo.jcr.component.webdav-5.3.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.webdav:5.3.x-SNAPSHOT   0 22
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-5.3.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:5.3.x-SNAPSHOT   0 22
exo.ws.rest.core-5.3.x-SNAPSHOT.jar cpe:/a:ws_project:ws:5.3 org.exoplatform.ws:exo.ws.rest.core:5.3.x-SNAPSHOT   0 Low 22
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 36
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
nekohtml-1.9.22.jar net.sourceforge.nekohtml:nekohtml:1.9.22    0 20
social-component-service-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-service:5.3.x-SNAPSHOT   0 26
itext-2.1.7.jar com.lowagie:itext:2.1.7    0 23
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
sac-1.3.jar org.w3c.css:sac:1.3    0 27
cssparser-0.9.18.jar net.sourceforge.cssparser:cssparser:0.9.18    0 27
mchange-commons-java-0.2.3.4.jar com.mchange:mchange-commons-java:0.2.3.4    0 19
c3p0-0.9.2.1.jar cpe:/a:mchange:c3p0:0.9.2.1 com.mchange:c3p0:0.9.2.1  Medium 1 Highest 24
hibernate-c3p0-4.2.21.Final.jar org.hibernate:hibernate-c3p0:4.2.21.Final    0 32
exo.core.component.organization.jdbc-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.organization.jdbc:5.3.x-SNAPSHOT   0 22
jrcs.rcs-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.rcs:0.4.2    0 17
flying-saucer-core-9.0.8.jar org.xhtmlrenderer:flying-saucer-core:9.0.8    0 21
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
wiki-service-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-service:5.3.x-SNAPSHOT   0 24
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:5.3.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:5.3.x-SNAPSHOT Medium 3 Highest 22
exo.core.component.database-5.3.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:5.3.x-SNAPSHOT   0 22
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
pc-portlet-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:5.3.x-SNAPSHOT   0 27
pc-federation-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:5.3.x-SNAPSHOT   0 27
pc-bridge-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:5.3.x-SNAPSHOT   0 27
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
json-20070829.jar org.json:json:20070829    0 23
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
gson-2.7.jar com.google.code.gson:gson:2.7    0 33
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5 		org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
google-http-client-1.14.1-beta.jar com.google.http-client:google-http-client:1.14.1-beta    0 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-oauth-client-1.14.1-beta.jar com.google.oauth-client:google-oauth-client:1.14.1-beta    0 24
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
aopalliance-1.0.jar aopalliance:aopalliance:1.0    0 20
guice-3.0.jar com.google.inject:guice:3.0    0 29
joda-time-2.4.jar joda-time:joda-time:2.4    0 34
oauth-20100527.jar net.oauth.core:oauth:20100527    0 18
ehcache-core-2.6.9.jar net.sf.ehcache:ehcache-core:2.6.9    0 19
juel-impl-2.2.7.jar de.odysseus.juel:juel-impl:2.2.7    0 26
el-api-6.0.41.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.41
cpe:/a:apache:tomcat:6.0.41
cpe:/a:apache_software_foundation:tomcat:6.0.41 		org.apache.tomcat:el-api:6.0.41  High 22 Highest 19
jasper-el-6.0.41.jar cpe:/a:apache_tomcat:apache_tomcat:6.0.41
cpe:/a:apache:tomcat:6.0.41
cpe:/a:apache_software_foundation:tomcat:6.0.41
cpe:/a:jasper_project:jasper:6.0.41 		org.apache.tomcat:jasper-el:6.0.41  High 22 Highest 21
shindig-common-2.5.2.jar cpe:/a:apache:shindig:2.5.2 org.apache.shindig:shindig-common:2.5.2    0 Low 26
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235
cpe:/a:processing:processing:2.0.235 		com.jhlabs:filters:2.0.235  Medium 2 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
commons-component-product-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT   0 28
commons-component-upgrade-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-upgrade:5.3.x-SNAPSHOT   0 24
social-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-common:5.3.x-SNAPSHOT   0 26
pc-api-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:5.3.x-SNAPSHOT   0 27
caja-r5054.jar com.google.caja:caja:r5054   0 23
htmlparser-r4209.jar caja:htmlparser:r4209   0 24
oauth-consumer-20090617.jar net.oauth.core:oauth-consumer:20090617   0 17
oauth-httpclient4-20090913.jar net.oauth.core:oauth-httpclient4:20090913   0 20
oauth-provider-20100527.jar net.oauth.core:oauth-provider:20100527    0 18
guice-multibindings-3.0.jar com.google.inject.extensions:guice-multibindings:3.0    0 29
sanselan-0.97-incubator.jar org.apache.sanselan:sanselan:0.97-incubator    0 35
social-component-core-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-core:5.3.x-SNAPSHOT   0 26
social-component-webui-5.3.x-SNAPSHOT.jar org.exoplatform.social:social-component-webui:5.3.x-SNAPSHOT   0 26
flying-saucer-pdf-9.0.8.jar org.xhtmlrenderer:flying-saucer-pdf:9.0.8    0 23
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45 org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 		org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
bctsp-jdk15-1.45.jar org.bouncycastle:bctsp-jdk15:1.45    0 24
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106
cpe:/a:eclipse:jetty:9.2.14.v20151106 		org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:5.3.x-SNAPSHOT   0 24
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
c3p0-0.9.1.1.jar cpe:/a:mchange:c3p0:0.9.1.1 c3p0:c3p0:0.9.1.1  Medium 1 Highest 23
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
owasp-java-html-sanitizer-20160413.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20160413.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160413.1    0 Low 21
jrcs.diff-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.diff:0.4.2    0 17
ecs-1.4.2.jar ecs:ecs:1.4.2    0 14
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4    0 29
jackson-dataformat-xml-2.4.2.jar cpe:/a:fasterxml:jackson-databind:2.4.2
cpe:/a:fasterxml:jackson:2.4.2 		com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.4.2  High 13 Highest 37
swagger-annotations-1.5.0.jar io.swagger:swagger-annotations:1.5.0    0 24
swagger-models-1.5.0.jar io.swagger:swagger-models:1.5.0    0 24
swagger-core-1.5.0.jar io.swagger:swagger-core:1.5.0    0 17
annotations-2.0.1.jar com.google.code.findbugs:annotations:2.0.1    0 23
reflections-0.9.9.jar org.reflections:reflections:0.9.9    0 19
swagger-jaxrs-1.5.0.jar io.swagger:swagger-jaxrs:1.5.0    0 17
commons-component-common-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-common:5.3.x-SNAPSHOT   0 24
wiki-macros-iframe-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-macros-iframe:5.3.x-SNAPSHOT   0 24
wci-wci-5.3.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT   0 27
jython-standalone-2.5.4-rc1.jar cpe:/a:jython_project:jython:2.5.4.rc1 org.python:jython-standalone:2.5.4-rc1    0 Low 10
pygments-1.6.jar cpe:/a:pygments:pygments:1.6 org.pygments:pygments:1.6  High 1 Highest 18
jdom2-2.0.5.jar org.jdom:jdom2:2.0.5    0 43
wiki-webui-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-webui:5.3.x-SNAPSHOT   0 24
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 23
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
commons-search-5.3.x-SNAPSHOT.jar cpe:/a:pro_search:pro_search:5.3 org.exoplatform.commons:commons-search:5.3.x-SNAPSHOT   0 Low 24
commons-api-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT   0 24
commons-file-storage-5.3.x-SNAPSHOT.jar org.exoplatform.commons:commons-file-storage:5.3.x-SNAPSHOT   0 26
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 31
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
jboss-transaction-api_1.1_spec-1.0.1.Final.jar org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.1.Final    0 38
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
wiki-jpa-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-jpa:5.3.x-SNAPSHOT   0 24
wiki-jpa-migration-5.3.x-SNAPSHOT.jar org.exoplatform.wiki:wiki-jpa-migration:5.3.x-SNAPSHOT   0 24
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
gwt-user-2.6.1.jar cpe:/a:user_project:user:2.6.1 com.google.gwt:gwt-user:2.6.1    0 Low 20
jdom-1.0.jar jdom:jdom:1.0    0 33
modules-0.3.2.jar rome:modules:0.3.2    0 24
protobuf-java-3.0.2.jar cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2  Medium 1 Highest 29
geronimo-stax-api_1.0_spec-1.0.1.jar org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1    0 26
xml-apis-1.0.b2.jar xml-apis:xml-apis:1.0.b2    0 37
xml-apis-1.4.01.jar xml-apis:xml-apis:1.4.01    0 49
jmock-1.0.1.jar jmock:jmock:1.0.1    0 14
jsr305-3.0.1.jar com.google.code.findbugs:jsr305:3.0.1    0 23
jackson-core-2.4.2.jar cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.core:jackson-core:2.4.2    0 Low 37
jackson-annotations-2.4.0.jar cpe:/a:fasterxml:jackson:2.4.0 com.fasterxml.jackson.core:jackson-annotations:2.4.0    0 Low 37
commons-logging-1.0.4.jar commons-logging:commons-logging:1.0.4    0 26
smartgwt-lgpl-6.0-p20170514.jar: isomorphic_applets.jar   0 9
ehcache-core-2.6.9.jar: sizeof-agent.jar net.sf.ehcache:sizeof-agent:1.0.1   0 26
jython-standalone-2.5.4-rc1.jar: jline64.dll   0 4
jython-standalone-2.5.4-rc1.jar: jline32.dll   0 4
jython-standalone-2.5.4-rc1.jar: wininst-7.1.exe   0 4
jython-standalone-2.5.4-rc1.jar: wininst-6.exe   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll   0 4
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml cpe:/a:fasterxml:jackson:2.4.2 com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.4.2   0 Low 16
jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml org.yaml:snakeyaml:1.12   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml jline:jline:0.9.95-SNAPSHOT   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml org.antlr:antlr-runtime:3.1.3   0 15
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml cpe:/a:jruby:jruby:1.1.4 org.jruby.ext.posix:jnr-posix:1.1.4 High 3 Highest 9
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml cpe:/a:values_project:values:0.7 org.jruby.extras:constantine:0.7   0 Low 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml org.jruby.extras:jaffl:0.5.1   0 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml cpe:/a:jruby:jruby:1.0.1 org.jruby.extras:jffi:1.0.1 High 3 Highest 11
jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml org.jruby.extras:jnr-netdb:0.4   0 11

Dependencies

platform-ui-skin-5.3.x-SNAPSHOT.war

File Path: /home/ciagent/.m2/repository/org/exoplatform/platform-ui/platform-ui-skin/5.3.x-SNAPSHOT/platform-ui-skin-5.3.x-SNAPSHOT.war
MD5: 27ec72c7e2b3d00395a6ffd4cee60748
SHA1: 995106fdac815a895ae87f40050a61e4cbb8d3fa
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:provided

Identifiers

  • maven: org.exoplatform.platform-ui:platform-ui-skin:5.3.x-SNAPSHOT   Confidence:High

gwt-servlet-2.6.1.jar

Description:  Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/gwt/gwt-servlet/2.6.1/gwt-servlet-2.6.1.jar
MD5: 46fa19a4859520cdf86c083e4c4519a4
SHA1: 983e26ec957ee3463f8554f4f03a58e16129e8f2
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

smartgwt-lgpl-6.0-p20170514.jar

File Path: /home/ciagent/.m2/repository/com/isomorphic/smartgwt/lgpl/smartgwt-lgpl/6.0-p20170514/smartgwt-lgpl-6.0-p20170514.jar
MD5: feef4d7601d4e2ca9cfdaa5315eb17c6
SHA1: b27485a980eca557785290c25f15349075e077b7
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:compile

Identifiers

CVE-2015-6737  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.

Vulnerable Software & Versions:

xwiki-platform-gwt-dom-6.0.jar

Description: An extension of the GWT DOM API, providing W3C Range and Selection support, depth-first pre-order iterator and lots of DOM utility methods

License:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/xwiki/platform/xwiki-platform-gwt-dom/6.0/xwiki-platform-gwt-dom-6.0.jar
MD5: a032bb06ae3b65d4eb77611b87c9870c
SHA1: 06b7a3ce91be3c3ae2878c1ee4811f74a7d50df0
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:compile

Identifiers

  • cpe: cpe:/a:xwiki:xwiki:6.0   Confidence:Low   
  • maven: org.xwiki.platform:xwiki-platform-gwt-dom:6.0   Confidence:High

CVE-2018-16277  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The Image Import function in XWiki through 10.7 has XSS.

Vulnerable Software & Versions:

slf4j-api-1.7.18.jar

Description: The slf4j API

File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.18/slf4j-api-1.7.18.jar
MD5: 1b1d1af21206ac5ae44cd79a6c04dd92
SHA1: b631d286463ced7cc42ee2171fe3beaed2836823
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-io-2.4.jar

Description:  The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jcommon-1.0.17.jar

Description:  JCommon is a free general purpose Java class library that is used in several projects at www.jfree.org, including JFreeChart and JFreeReport.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/jfree/jcommon/1.0.17/jcommon-1.0.17.jar
MD5: d123cd511e2ebc4542e8b424cd20bbde
SHA1: 7bcb68fde08258e59fe7bcc758c08af830fb2c1d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jfreechart-1.0.14.jar

Description:  JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/jfree/jfreechart/1.0.14/jfreechart-1.0.14.jar
MD5: e0ac6e8ecb858f946200b326209fe639
SHA1: fa67c798b0ae80b84f3854d69e341abacd3867c5
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

velocity-1.7.jar

Description: Apache Velocity is a general purpose template engine.

File Path: /home/ciagent/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

velocity-tools-1.4.jar

File Path: /home/ciagent/.m2/repository/velocity-tools/velocity-tools/1.4/velocity-tools-1.4.jar
MD5: 2ef7ed8b728186558b5d587c38900b84
SHA1: 4e1f4d507030a00959f4c0c7fcc60b3565617d08
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-codec-1.10.jar

Description:  The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jackson-core-2.3.1.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.3.1/jackson-core-2.3.1.jar
MD5: aa2152b5f610a2dee75bb81bcab66c36
SHA1: f9f7185c92ca5fefe2fb3efdeb477a67c96ea2d0
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jackson-annotations-2.3.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.3.0/jackson-annotations-2.3.0.jar
MD5: c954fbca7d677f323d810d0fa8baead2
SHA1: f5e853a20b60758922453d56f9ae1e64af5cb3da
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jackson-databind-2.3.1.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.1/jackson-databind-2.3.1.jar
MD5: 4de637793707fdecb1b7a90f677103ec
SHA1: c4096a8323bbbcbeda072e3def123a9b66783361
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

CVE-2017-15095  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions: (show all)

CVE-2017-17485  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2017-7525  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions: (show all)

CVE-2018-1000873  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Vulnerable Software & Versions: (show all)

CVE-2018-14719  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-14720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-14721  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19360  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19361  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19362  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-5968  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vulnerable Software & Versions: (show all)

CVE-2018-7489  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2019-12086  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.

Vulnerable Software & Versions: (show all)

ezmorph-1.0.6.jar

Description:  Simple java library for transforming an Object to another Object.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

json-lib-2.4-jdk15.jar

File Path: /home/ciagent/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jar
MD5: f5db294d05b3d5a5bfb873455b0a8626
SHA1: 136743e0d12df4e785e62b48618cee169b2ae546
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-configuration-1.10.jar

Description: Tools to assist in the reading of configuration/preferences files in various formats.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-configuration/commons-configuration/1.10/commons-configuration-1.10.jar
MD5: b16511ce540fefd53981245f5f21c5f8
SHA1: 2b36e4adfb66d966c5aef2d73deb6be716389dc9
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-lang3-3.2.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.2/commons-lang3-3.2.jar
MD5: 9f2013bc16457ff8dfbfbf3357060192
SHA1: 4ff27bd725ae39f616e4ecdd08c27978cef749ec
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

rome-1.0.jar

Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.

File Path: /home/ciagent/.m2/repository/rome/rome/1.0/rome-1.0.jar
MD5: 53d38c030287b939f4e6d745ba1269a7
SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jdom-1.1.3.jar

Description:  A complete, Java-based solution for accessing, manipulating, and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/jdom/jdom/1.1.3/jdom-1.1.3.jar
MD5: 140bfed13341fe2039eee0f26a16d705
SHA1: 8bdfeb39fa929c35f5e4f0b02d34350db39a1efc
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

commons-httpclient-3.1.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

  • cpe: cpe:/a:apache:httpclient:3.1   Confidence:Low   
  • cpe: cpe:/a:apache:commons-httpclient:3.1   Confidence:Low   
  • maven: commons-httpclient:commons-httpclient:3.1    Confidence:Highest

snuggletex-core-1.1.0.jar

File Path: /home/ciagent/.m2/repository/uk/ac/ed/ph/snuggletex/snuggletex-core/1.1.0/snuggletex-core-1.1.0.jar
MD5: 1ea61a45bcb155a830d6a149f9f3f845
SHA1: 668865eca57ae9765b042558bc95522763333b70
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

  • maven: uk.ac.ed.ph.snuggletex:snuggletex-core:1.1.0   Confidence:High

batik-css-1.7.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlgraphics/batik-css/1.7/batik-css-1.7.jar
MD5: b0203e64b3c06729baa0ef84743ab119
SHA1: e6bb5c85753331534593f33fb9236acb41a0ab79
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

CVE-2018-8013  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

Vulnerable Software & Versions: (show all)

xmlgraphics-commons-1.3.1.jar

Description:  Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/1.3.1/xmlgraphics-commons-1.3.1.jar
MD5: e63589601d939739349a50a029dab120
SHA1: f7d0fa54e2750acd82b1a241c043be6fce1bf0dc
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

jeuclid-core-3.1.5.jar

Description: This is the core module containing the basic JEuclid rendering and document handling classes.

File Path: /home/ciagent/.m2/repository/net/sourceforge/jeuclid/jeuclid-core/3.1.5/jeuclid-core-3.1.5.jar
MD5: ef55609690f186df77611d25e79ae781
SHA1: e7b45abc13ba621b384b475ff6d10aa13e121b02
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

snuggletex-jeuclid-1.1.0.jar

File Path: /home/ciagent/.m2/repository/uk/ac/ed/ph/snuggletex/snuggletex-jeuclid/1.1.0/snuggletex-jeuclid-1.1.0.jar
MD5: 4b84195d37d3ad1ece60e9abb56e9bf7
SHA1: 14c790c08d2ca60b9067b5fd156ba01c83f25a3e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

  • maven: uk.ac.ed.ph.snuggletex:snuggletex-jeuclid:1.1.0   Confidence:High

serializer-2.7.1.jar

Description:  Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events.

File Path: /home/ciagent/.m2/repository/xalan/serializer/2.7.1/serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

CVE-2014-0107  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

Vulnerable Software & Versions: (show all)

xalan-2.7.1.jar

Description:  Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other program.

File Path: /home/ciagent/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar
MD5: d43aad24f2c143b675292ccfef487f9c
SHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22a
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

CVE-2014-0107  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

Vulnerable Software & Versions: (show all)

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

fontbox-1.8.14.jar

Description:  The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/fontbox/1.8.14/fontbox-1.8.14.jar
MD5: 901640f7e2bd12508ae4a7cccba3df79
SHA1: 9c7caec614a6a132bedc83f1d6d247bb96ca0df3
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-11797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

jempbox-1.8.14.jar

Description:  The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/jempbox/1.8.14/jempbox-1.8.14.jar
MD5: 393135759731daf4e301903b3de2fbbb
SHA1: 7f94c7cd4efc21e78729436cc4cf0c09eeea0f38
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-11797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

pdfbox-1.8.14.jar

Description:  The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/pdfbox/1.8.14/pdfbox-1.8.14.jar
MD5: c90740e185fc2f8013d1119f509ea4f3
SHA1: 7550298240c8540b721733ede6dc88fcf4fa2b0f
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-11797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

htmllexer-2.1.jar

Description: HTML Lexer is the low level lexical analyzer.

File Path: /home/ciagent/.m2/repository/org/htmlparser/htmllexer/2.1/htmllexer-2.1.jar
MD5: 1cb7184766a0c52f4d98d671bb08be19
SHA1: 2ebf2c073e649b7e674cddd0558ff102a486402f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

htmlparser-2.1.jar

Description: HTML Parser is the high level syntactical analyzer.

File Path: /home/ciagent/.m2/repository/org/htmlparser/htmlparser/2.1/htmlparser-2.1.jar
MD5: aa05b921026c228f92ef8b4a13c26f8d
SHA1: c752e5984b7767533cbd3fdffa48cecb52fa226c
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

poi-3.13.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi/3.13/poi-3.13.jar
MD5: 1b43f32e2211546040597a9e2d07b869
SHA1: 0f59f504ba8c521e61e25f417ec652fd485010f3
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-5000  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2017-5644  

Severity: High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Software & Versions:

tika-core-1.5.jar

Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tika/tika-core/1.5/tika-core-1.5.jar
MD5: e864bf637f51283dc525087b015d7b1a
SHA1: 194ca0fb3d73b07737524806fbc3bec89063c03a
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-6809  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

CVE-2018-11761  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Vulnerable Software & Versions: (show all)

CVE-2018-11762  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

Vulnerable Software & Versions: (show all)

CVE-2018-11796  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.

Vulnerable Software & Versions: (show all)

CVE-2018-1335  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1338  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1339  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-8017  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

Vulnerable Software & Versions: (show all)

vorbis-java-core-0.1-tests.jar

File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1-tests.jar
MD5: d58f076c08a917277d03f3417aa867a6
SHA1: c849979e199d8a7c3da1a00799c623c00f94efac
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Service:test,provided
  • eXo PLF:: Wiki Webui:test,provided
  • eXo PLF:: Wiki Renderer:test,provided
  • eXo Wiki JPA Migration Service:test,provided
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Upgrade Plugins:test,provided

Identifiers

vorbis-java-tika-0.1.jar

File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-tika/0.1/vorbis-java-tika-0.1.jar
MD5: 1fccc6796a0924ba4f32eb1d44b8616b
SHA1: 6966c8663a7f689021accb13cceaa6101f53ea3d
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-6809  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

CVE-2018-11761  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Vulnerable Software & Versions: (show all)

CVE-2018-11796  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.

Vulnerable Software & Versions: (show all)

CVE-2018-1335  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1338  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1339  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

netcdf-4.2-min.jar

Description: The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.

License:

(MIT-style) netCDF C library license.: http://www.unidata.ucar.edu/software/netcdf/copyright.html
File Path: /home/ciagent/.m2/repository/edu/ucar/netcdf/4.2-min/netcdf-4.2-min.jar
MD5: eb00b40b0511f0fc1dfcfc9cb89e3c53
SHA1: 0f3c3f3db4c54483aa1fbc4497e300879ce24da1
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

apache-mime4j-core-0.7.2.jar

Description: Java stream based MIME message parser

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/james/apache-mime4j-core/0.7.2/apache-mime4j-core-0.7.2.jar
MD5: 88f799546eca803c53eee01a4ce5edcd
SHA1: a81264fe0265ebe8fd1d8128aad06dc320de6eef
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

xz-1.2.jar

Description: XZ data compression

License:

Public Domain
File Path: /home/ciagent/.m2/repository/org/tukaani/xz/1.2/xz-1.2.jar
MD5: 04bd31459826c30c2a3c304e3b225ad4
SHA1: bfc66dda280a18ab341b5023248925265c00394c
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.tukaani:xz:1.2    Confidence:Highest
  • cpe: cpe:/a:tukaani:xz:1.2   Confidence:Low   

CVE-2015-4035  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.

Vulnerable Software & Versions:

commons-compress-1.5.jar

Description:  Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-compress/1.5/commons-compress-1.5.jar
MD5: 5e18cfcf472548c2e0b90a4ea1cedf42
SHA1: d2bd2c0bd328f1dabdf33e10b6d223ebcbe93343
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

tagsoup-1.2.1.jar

Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

asm-debug-all-4.1.jar

File Path: /home/ciagent/.m2/repository/org/ow2/asm/asm-debug-all/4.1/asm-debug-all-4.1.jar
MD5: 6c3a8842f484dd3d620002b361e3610e
SHA1: dd6ba5c392d4102458494e29f54f70ac534ec2a2
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

isoparser-1.0-RC-1.jar

Description: A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/mp4parser/isoparser/1.0-RC-1/isoparser-1.0-RC-1.jar
MD5: b0444fde2290319c9028564c3c3ff1ab
SHA1: 4a5768b1070b9488a433362d736720fd7a7b264f
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2013-0259  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.

Vulnerable Software & Versions: (show all)

xmpcore-5.1.2.jar

Description:  The XMP Library for Java is based on the C++ XMPCore library and the API is similar.

License:

The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /home/ciagent/.m2/repository/com/adobe/xmp/xmpcore/5.1.2/xmpcore-5.1.2.jar
MD5: 0b2cf2a09d32abdedd17de864e93ad25
SHA1: 55615fa2582424e38705487d1d3969af8554f637
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

metadata-extractor-2.6.2.jar

Description: Java library for reading metadata from image files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/drewnoakes/metadata-extractor/2.6.2/metadata-extractor-2.6.2.jar
MD5: 8f3acbee87dbd5b0cdfacee3bb3aff8b
SHA1: 13930ff22d3f152bd969a63e88537d2f2adc2cd5
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

vorbis-java-core-0.1.jar

File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1.jar
MD5: b88115be2754cb6883e652ba68ca46c8
SHA1: 662a02b94701947e6e66e7793d996043f05fad4a
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

juniversalchardet-1.0.3.jar

Description: Java port of universalchardet

License:

Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/googlecode/juniversalchardet/juniversalchardet/1.0.3/juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jhighlight-1.0.jar

Description:  JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source.

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /home/ciagent/.m2/repository/com/uwyn/jhighlight/1.0/jhighlight-1.0.jar
MD5: 0ad5cf1bc56657f5e9e327e5e768da0a
SHA1: 0b1774029ee29472df8c25e5ba796431f7689fd6
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

xmlbeans-2.6.0.jar

Description: XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.core.component.document-5.3.x-SNAPSHOT.jar

Description: Implementation of Document Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.document/5.3.x-SNAPSHOT/exo.core.component.document-5.3.x-SNAPSHOT.jar
MD5: f45710d396a164821cae9d6be2c43dea
SHA1: 3816bb2203bb3f7c818df5a3a3949a093bd74d02
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.document:5.3.x-SNAPSHOT   Confidence:High

lucene-analyzers-3.6.2.jar

Description: Additional Analyzers

File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar
MD5: 13f8241b6991bd1349c05369a7c0f002
SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

lucene-spellchecker-3.6.2.jar

Description: Spell Checker

File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar
MD5: a4b684913f93aea76f5dbd7e479f19c5
SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jta-1.1.jar

Description:  The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.

File Path: /home/ciagent/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jar
MD5: 82a10ce714f411b28f13850059de09ee
SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

concurrent-1.3.4.jar

License:

Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: /home/ciagent/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar
MD5: f29b9d930d3426ebc56919eba10fbd4d
SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jgroups-3.6.13.Final.jar

Description:  Reliable cluster communication toolkit

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/org/jgroups/jgroups/3.6.13.Final/jgroups-3.6.13.Final.jar
MD5: d7a4d1065e9b09e3f48bfa88ab368a0c
SHA1: 1315a8a1aed98dcafc11a850957ced42dc26bf18
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jbossjta-4.16.6.Final.jar

Description: JBossTS - JBoss Transaction Service. JTA, JTS and XTS (WS-AT, WS-BA)

License:

LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/jboss/jbossts/jbossjta/4.16.6.Final/jbossjta-4.16.6.Final.jar
MD5: 9e3c8d7d93b92ab97489aeb5816370c8
SHA1: 99e79e03ced180bea4e3307511d350eb2b88c91c
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

ws-commons-util-1.0.1.jar

Description: This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/ws/commons/ws-commons-util/1.0.1/ws-commons-util-1.0.1.jar
MD5: 66919d22287ddab742a135da764c2cd6
SHA1: 126e80ff798fece634bc94e61f8be8a8da00be60
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-10542  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

Vulnerable Software & Versions:

jboss-common-core-2.2.22.GA.jar

Description: JBoss Common Core Utility classes

File Path: /home/ciagent/.m2/repository/org/jboss/jboss-common-core/2.2.22.GA/jboss-common-core-2.2.22.GA.jar
MD5: 8c415e1467075a90045a7b0fd19886a3
SHA1: ae1a22412d879c4ac48e35cf00f438bb263d41c3
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

stringtemplate-3.2.1.jar

Description: StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.

License:

BSD licence: http://antlr.org/license.html
File Path: /home/ciagent/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar
MD5: b58ca53e518a92a1991eb63b61917582
SHA1: 59ec8083721eae215c6f3caee944c410d2be34de
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

antlr-runtime-3.5.jar

Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /home/ciagent/.m2/repository/org/antlr/antlr-runtime/3.5/antlr-runtime-3.5.jar
MD5: aa6d7c8b425df59f5f5bc98c58cfd9fc
SHA1: 0baa82bff19059401e90e1b90020beb9c96305d7
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jboss-marshalling-osgi-2.0.0.Beta3.jar

Description: JBoss Marshalling OSGi Bundle with API and implementations

License:

http://repository.jboss.org/licenses/cc0-1.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar
MD5: 7652392087f6e70312cf0309ab563a4f
SHA1: a55fe6527a2d50dc48ad3f8b9093bd0cb01302b0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

infinispan-core-8.2.6.Final.jar

Description: Infinispan core module

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-core/8.2.6.Final/infinispan-core-8.2.6.Final.jar
MD5: 06371c22b39aef4faf1da8d21b2102cb
SHA1: 84937a866a56760b9c50bfbca10442fa14be6375
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-0750  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-15089  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-2638  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Vulnerable Software & Versions: (show all)

exo.jcr.component.core-5.3.x-SNAPSHOT.jar

Description: Implementation of Core Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.core/5.3.x-SNAPSHOT/exo.jcr.component.core-5.3.x-SNAPSHOT.jar
MD5: 270fed54370dddb7b6f2a0ac0a53fb19
SHA1: 2e610d06ecc8ae00c94f7504cdef11211515dbd3
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.jcr:exo.jcr.component.core:5.3.x-SNAPSHOT   Confidence:High

jtidy-r938.jar

Description:  JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /home/ciagent/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: net.sf.jtidy:jtidy:r938    Confidence:Highest
  • cpe: cpe:/a:html-tidy:tidy:-   Confidence:Low   

exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar

Description: Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.xml-processing/5.3.x-SNAPSHOT/exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar
MD5: 72733f679e354536825490dcd09a699a
SHA1: 8abf87f511ed36fa29ee72cd75c7308f852c7b6f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:processing:processing:5.3   Confidence:Low   
  • maven: org.exoplatform.core:exo.core.component.xml-processing:5.3.x-SNAPSHOT   Confidence:High

exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar

Description: Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.script.groovy/5.3.x-SNAPSHOT/exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar
MD5: 7b83e6a1b4a6dad0afeeb2169f8bed89
SHA1: ee331e349386b130980f5564f3ba15a9cba7ebce
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.script.groovy:5.3.x-SNAPSHOT   Confidence:High

exo.jcr.component.ext-5.3.x-SNAPSHOT.jar

Description: Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.ext/5.3.x-SNAPSHOT/exo.jcr.component.ext-5.3.x-SNAPSHOT.jar
MD5: 80ba6722d208fa7b15b8c7d090d4c0cc
SHA1: ecd82797b6732d7e1c33328f5970ffd1d7caee03
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.jcr:exo.jcr.component.ext:5.3.x-SNAPSHOT   Confidence:High

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/ciagent/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/ciagent/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

xstream-1.4.10.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: /home/ciagent/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2013-7285  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.

Vulnerable Software & Versions: (show all)

commons-webui-component-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-component/5.3.x-SNAPSHOT/commons-webui-component-5.3.x-SNAPSHOT.jar
MD5: afe16b7e36ecbb581a371dafe5370c3b
SHA1: 3b0b4a1f913cd523987ed381a1d4883f59c3f899
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.commons:commons-webui-component:5.3.x-SNAPSHOT   Confidence:High

commons-webui-ext-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-ext/5.3.x-SNAPSHOT/commons-webui-ext-5.3.x-SNAPSHOT.jar
MD5: 21e85e2bf15d4ab08eaa0374f2b2b4f7
SHA1: 3ef63b11d132511df342085a73b563a8e98f72dc
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile

Identifiers

  • maven: org.exoplatform.commons:commons-webui-ext:5.3.x-SNAPSHOT   Confidence:High

exo.kernel.component.cache-5.3.x-SNAPSHOT.jar

Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/5.3.x-SNAPSHOT/exo.kernel.component.cache-5.3.x-SNAPSHOT.jar
MD5: 6a322bdcc585dcf7bb26e4b7554adf3c
SHA1: 249eab6c763268ea4c6bcc15a6b53bf38c49fb6e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.cache:5.3.x-SNAPSHOT   Confidence:High

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

hibernate-core-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jakarta-regexp-1.4.jar

File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

xpp3-1.1.6.jar

Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.core.component.organization.api-5.3.x-SNAPSHOT.jar

Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/5.3.x-SNAPSHOT/exo.core.component.organization.api-5.3.x-SNAPSHOT.jar
MD5: dac80c845342c757a54f5b1c780c52d6
SHA1: a07f68213aab5a6dd25dfcc8780e4162c59a7673
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:api-platform:core:5.3   Confidence:Low   
  • maven: org.exoplatform.core:exo.core.component.organization.api:5.3.x-SNAPSHOT   Confidence:High

commons-dbcp-1.4.jar

Description: Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

commons-pool-1.6.jar

Description: Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Renderer:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

exo.kernel.component.common-5.3.x-SNAPSHOT.jar

Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/5.3.x-SNAPSHOT/exo.kernel.component.common-5.3.x-SNAPSHOT.jar
MD5: c57430ba3cc88079d9fe4604fed4798c
SHA1: d3f3536bcb0b5ed4306eaf6896f22d022f844899
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.common:5.3.x-SNAPSHOT   Confidence:High

exo.core.component.security.core-5.3.x-SNAPSHOT.jar

Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/5.3.x-SNAPSHOT/exo.core.component.security.core-5.3.x-SNAPSHOT.jar
MD5: 488f425f279a0c228294112bce69f54a
SHA1: 851b19507264b0f4a9f19d3752df3b127276ce2a
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT   Confidence:High

mime-util-2.1.3.jar

Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jcl-over-slf4j-1.7.18.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.18/jcl-over-slf4j-1.7.18.jar
MD5: 86c8f80da62e4640564effb9dff7e003
SHA1: eca71be00af2579564e9f3a23ce0b245ca79ee5d
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.kernel.commons-5.3.x-SNAPSHOT.jar

Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.3.x-SNAPSHOT/exo.kernel.commons-5.3.x-SNAPSHOT.jar
MD5: e45922985af7344ecbcca4bae3fc09ab
SHA1: c338e8e2fb4598959349acdf407306be46246113
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT   Confidence:High

javax.servlet-api-3.0.1.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/ciagent/.m2/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:provided
  • eXo PLF:: Wiki Service:provided
  • eXo PLF:: Wiki Webapp:provided
  • eXo Wiki JPA DAO:provided
  • eXo PLF:: Wiki Upgrade Plugins:provided
  • eXo Wiki JPA Migration Service:provided
  • eXo PLF:: Wiki Renderer:provided

Identifiers

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

jibx-run-1.2.6.jar

Description: JiBX runtime code

License:

http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

cdi-api-1.0-SP4.jar

Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.kernel.container-5.3.x-SNAPSHOT.jar

Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.3.x-SNAPSHOT/exo.kernel.container-5.3.x-SNAPSHOT.jar
MD5: e3a9fd28ca075c2222bbeed39e55297d
SHA1: 6a171b6b0e06e09151f08de470d69b3b5358489a
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT   Confidence:High

exo.portal.webui.core-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.core/5.3.x-SNAPSHOT/exo.portal.webui.core-5.3.x-SNAPSHOT.jar
MD5: 4e253065194ba0054c6d12ec0b724bad
SHA1: 40016d9274ed13258c15197a39051966ad7c20f0
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.portal:exo.portal.webui.core:5.3.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:in-portal:in-portal:5.3   Confidence:Low   

htmlcleaner-2.7.jar

Description:  HtmlCleaner is an HTML parser written in Java. It transforms dirty HTML to well-formed XML following the same rules that most web-browsers use.

License:

BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/net/sourceforge/htmlcleaner/htmlcleaner/2.7/htmlcleaner-2.7.jar
MD5: 59c43d382a268e31867fcd3de90991a0
SHA1: e2f6f5e109695701578258934d9819379c5bffe4
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

xercesImpl-2.9.1.jar

Description:  Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

File Path: /home/ciagent/.m2/repository/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

  • maven: xerces:xercesImpl:2.9.1    Confidence:Highest
  • cpe: cpe:/a:apache:xerces2_java:2.9.1   Confidence:Low   

CVE-2012-0881  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Vulnerable Software & Versions:

stax-utils-20070216.jar

Description: Provides a set of utility classes to integrate StAX into existing XML processing applications.

License:

BSD: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/net/java/dev/stax-utils/stax-utils/20070216/stax-utils-20070216.jar
MD5: e4e3c9cad3b8289b1f905d6705bb6368
SHA1: 1d9fc60be26a0482c36b7a04d2c581ddf758b6ea
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

xwiki-commons-xml-5.4.7.jar

Description: XWiki Commons - XML

License:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/xwiki/commons/xwiki-commons-xml/5.4.7/xwiki-commons-xml-5.4.7.jar
MD5: 292ec670c150223faee3a24a5288b9bd
SHA1: 788b59fc9ea9109aacc237a15f059530b1afb793
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

  • maven: org.xwiki.commons:xwiki-commons-xml:5.4.7   Confidence:High
  • cpe: cpe:/a:xwiki:xwiki:5.4.7   Confidence:Low   

CVE-2018-16277  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The Image Import function in XWiki through 10.7 has XSS.

Vulnerable Software & Versions:

picocontainer-1.1.jar

Description: Please refer to the main website for documentation.

File Path: /home/ciagent/.m2/repository/picocontainer/picocontainer/1.1/picocontainer-1.1.jar
MD5: 98f476491eed3b106b9a015f15bf5fda
SHA1: a2babe80a3af3a3672095341625e4a9ba4278c1b
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

wiki-renderer-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-renderer/5.3.x-SNAPSHOT/wiki-renderer-5.3.x-SNAPSHOT.jar
MD5: 20e03d7c2100f6b2547350e871910870
SHA1: 83803dcbe0c8d678c7dbcb02b403b10d680222a1
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.wiki:wiki-renderer:5.3.x-SNAPSHOT   Confidence:High

commons-chain-1.2.jar

Description:  An implementation of the GoF Chain of Responsibility pattern

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-chain/commons-chain/1.2/commons-chain-1.2.jar
MD5: e18e2c87826644e4c8c08635572c154f
SHA1: 744a13e8766e338bd347b6fbc28c6db12979d0c6
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

activation-1.1.1.jar

Description: The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

lucene-core-3.6.2.jar

Description: Apache Lucene Java Core

File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar
MD5: ee396d04f5a35557b424025f5382c815
SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.api-1.3.0.jar

Description: Chromattic Framework API

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflext.api-1.1.0.jar

Description: The Reflext Framework API

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflext.core-1.1.0.jar

Description: The Reflect Framework Core

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflext.spi-1.1.0.jar

Description: The Reflext Framework SPI

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflext.apt-1.1.0.jar

Description: The Reflext Framework Annotation Processing Tool Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

chromattic.apt-1.3.0.jar

Description: Chromattic Framework APT Plugin

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.common-1.3.0.jar

Description: Chromattic Framework Common

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflext.jlr-1.1.0.jar

Description: The Reflext Framework Java Lang Reflect Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.core-1.3.0.jar

Description: Chromattic Framework Core

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.ext-1.3.0.jar

Description: Chromattic Framework Extensions

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.ext/1.3.0/chromattic.ext-1.3.0.jar
MD5: a8482bb9fe7572e77a58627251740ee1
SHA1: ea3bd25892c827d9b830aea768de69e200a93165
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.metamodel-1.3.0.jar

Description: Chromattic Framework Metamodel

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

chromattic.spi-1.3.0.jar

Description: Chromattic Framework SPI

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.jcr.component.webdav-5.3.x-SNAPSHOT.jar

Description: Implementation of Webdav Service of Exoplatform SAS 'eXo JCR' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.webdav/5.3.x-SNAPSHOT/exo.jcr.component.webdav-5.3.x-SNAPSHOT.jar
MD5: 8aecb716c94f1eba325d18df977af0e6
SHA1: d57042632271dc768d64aa23fd4cb5fa9fe2d598
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.jcr:exo.jcr.component.webdav:5.3.x-SNAPSHOT   Confidence:High

commons-digester-2.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.kernel.component.command-5.3.x-SNAPSHOT.jar

Description: Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.command/5.3.x-SNAPSHOT/exo.kernel.component.command-5.3.x-SNAPSHOT.jar
MD5: c8e34b4521db08641687547b1fbc1ce5
SHA1: 1527c8dccb38e62fb298b68bda8263e9005bc6c1
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.command:5.3.x-SNAPSHOT   Confidence:High

exo.ws.rest.core-5.3.x-SNAPSHOT.jar

Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/5.3.x-SNAPSHOT/exo.ws.rest.core-5.3.x-SNAPSHOT.jar
MD5: 44bf545ee3d289362f22532c0760547b
SHA1: 03ac20ae6703e58212d45e4e153056957e97d413
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.ws:exo.ws.rest.core:5.3.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:ws_project:ws:5.3   Confidence:Low   

jboss-logging-annotations-1.2.0.Beta1.jar

File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

hibernate-commons-annotations-4.0.5.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
MD5: 5dadbafd7c7bc1168c10a2ba87e927a2
SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2017-5645  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Vulnerable Software & Versions: (show all)

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/ciagent/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jaxb-api-2.1.jar

File Path: /home/ciagent/.m2/repository/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar
MD5: 9534ce6506dc96bac3944423d804be30
SHA1: d68570e722cffe2000358ce9c661a0b0bf1ebe11
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jaxb-impl-2.1.8.jar

File Path: /home/ciagent/.m2/repository/com/sun/xml/bind/jaxb-impl/2.1.8/jaxb-impl-2.1.8.jar
MD5: 1340264c75ea00b3d4d83e1ba57b606a
SHA1: 41b915446cb6962f9b403d1a5da3817a95ee579e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

picketlink-idm-core-1.4.6.Final.jar

Description: PicketLink IDM IMPL contains the implementation of the API and the Identity Model.

License:

lgpl: http://repository.jboss.com/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-core/1.4.6.Final/picketlink-idm-core-1.4.6.Final.jar
MD5: a5c21c2186c186bc296d9909bcb11616
SHA1: 30d4385012393e4c50a82f8b84153eb6ee301a7d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2015-0277  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

Vulnerable Software & Versions:

CVE-2015-3158  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

Vulnerable Software & Versions:

CVE-2015-6254  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-17 Code

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.

Vulnerable Software & Versions:

nekohtml-1.9.22.jar

Description: An HTML parser and tag balancer.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.22/nekohtml-1.9.22.jar
MD5: a97dfe2d0ceb81ffbdd15436961b0f23
SHA1: 4f54af68ecb345f2453fb6884672ad08414154e3
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

social-component-service-5.3.x-SNAPSHOT.jar

Description: eXo Social Service Component

File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-service/5.3.x-SNAPSHOT/social-component-service-5.3.x-SNAPSHOT.jar
MD5: 5656117cbf0d7ba9a5f944e0920ae5b5
SHA1: 0a50203c211eb19e29aded4f6ad4c113403ac6a4
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.social:social-component-service:5.3.x-SNAPSHOT   Confidence:High

itext-2.1.7.jar

Description: iText, a free Java-PDF library

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar
MD5: 7587a618197a065eac4a453d173d4ed6
SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Macros Iframe:compile
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

sac-1.3.jar

Description: SAC is a standard interface for CSS parsers.

License:

The W3C Software License: http://www.w3.org/Consortium/Legal/copyright-software-19980720
File Path: /home/ciagent/.m2/repository/org/w3c/css/sac/1.3/sac-1.3.jar
MD5: eb04fa63fc70c722f2b8ec156166343b
SHA1: cdb2dcb4e22b83d6b32b93095f644c3462739e82
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

cssparser-0.9.18.jar

Description: A CSS parser which implements SAC (the Simple API for CSS).

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/net/sourceforge/cssparser/cssparser/0.9.18/cssparser-0.9.18.jar
MD5: dc57713d4c7a54a569fc67529ce3b525
SHA1: 61c015378d27b5e245a5deb7a324c7e716b4706a
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

mchange-commons-java-0.2.3.4.jar

Description: a library of arguably useful Java utilities.

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/com/mchange/mchange-commons-java/0.2.3.4/mchange-commons-java-0.2.3.4.jar
MD5: cc99f685b11309071e1e94fd758c372b
SHA1: 5eb5a801d96f65912bcf418a831fa23c663b029b
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

c3p0-0.9.2.1.jar

Description: a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/com/mchange/c3p0/0.9.2.1/c3p0-0.9.2.1.jar
MD5: 35085ff8cfaf6576d118ad4492236ae6
SHA1: 11b29ccb286d34eb804b7f6a3786809c9bd2e1b7
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

hibernate-c3p0-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-c3p0/4.2.21.Final/hibernate-c3p0-4.2.21.Final.jar
MD5: a020364e0f8e4997c889977e491d0084
SHA1: 838aaf84a93af3930c1e30d314a242f34aeee57a
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

exo.core.component.organization.jdbc-5.3.x-SNAPSHOT.jar

Description: Implementation of JDBC Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.jdbc/5.3.x-SNAPSHOT/exo.core.component.organization.jdbc-5.3.x-SNAPSHOT.jar
MD5: 2caf7cb0b21b88bd8ac3dfe114c4d93e
SHA1: 6347529dec556074b85276396924ff76862ae6b5
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • maven: org.exoplatform.core:exo.core.component.organization.jdbc:5.3.x-SNAPSHOT   Confidence:High

jrcs.rcs-0.4.2.jar

File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.rcs/0.4.2/jrcs.rcs-0.4.2.jar
MD5: 39a0ad326f371e1b1b0b1f35cf0f6efb
SHA1: 50fde3e7078afa87aea35a11be3ee01e7805a103
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

flying-saucer-core-9.0.8.jar

Description: Flying Saucer is a CSS 2.1 renderer written in Java. This artifact contains the core rendering and layout code as well as Java2D output.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/xhtmlrenderer/flying-saucer-core/9.0.8/flying-saucer-core-9.0.8.jar
MD5: f95e2ae188539bb7c4d675c8c435660e
SHA1: 9c5a8fcd423e4a86d9f460a240f43911a5824a40
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile

Identifiers

xpp3-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
Apache Software License, version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/ciagent/.m2/repository/xpp3/xpp3/1.1.4c/xpp3-1.1.4c.jar
MD5: 6e3c39f391e4994888b7d0030f775804
SHA1: 9b988ea84b9e4e9f1874e390ce099b8ac12cfff5
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

wiki-service-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-service/5.3.x-SNAPSHOT/wiki-service-5.3.x-SNAPSHOT.jar
MD5: b98a3ec99d6d30a051bd2479b784d270
SHA1: 8e2ca37e77852ebc0aeacadcd658f0560782960d
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.wiki:wiki-service:5.3.x-SNAPSHOT   Confidence:High

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar

Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/5.3.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar
MD5: 2bd82588a1d04ea435de3b334321abb1
SHA1: 1008ebec01e1a674843d64dee25fdd0daf31078e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:5.3.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:infinispan:infinispan:5.3.0   Confidence:Highest   

CVE-2016-0750  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-15089  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-2638  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Vulnerable Software & Versions: (show all)

exo.core.component.database-5.3.x-SNAPSHOT.jar

Description: Implementation of Database Service of Exoplatform SAS eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/5.3.x-SNAPSHOT/exo.core.component.database-5.3.x-SNAPSHOT.jar
MD5: 92c38f5d3a2df6c2b885ad7408b22678
SHA1: 5b5bff26d83127aa80f76883395a4db05c39a4ff
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.database:5.3.x-SNAPSHOT   Confidence:High

staxnav.core-0.9.8.jar

File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

pc-portlet-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-portlet/5.3.x-SNAPSHOT/pc-portlet-5.3.x-SNAPSHOT.jar
MD5: 471a9c4fc6eb53f16cd833eedcd1069f
SHA1: 4a9cf81176c3da5bc100a8f90a87a151a20c4123
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.pc:pc-portlet:5.3.x-SNAPSHOT   Confidence:High

pc-federation-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-federation/5.3.x-SNAPSHOT/pc-federation-5.3.x-SNAPSHOT.jar
MD5: dd4ce55f7c860bb7d016dce9d657b75c
SHA1: 6740d145021ee194ff19685821bb77cf57ad1ec1
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.pc:pc-federation:5.3.x-SNAPSHOT   Confidence:High

pc-bridge-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-bridge/5.3.x-SNAPSHOT/pc-bridge-5.3.x-SNAPSHOT.jar
MD5: a8031f45e408fb5a638da0e001313c6e
SHA1: 807ded891c83a604160e6eac68bbaf3d6c071da9
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.pc:pc-bridge:5.3.x-SNAPSHOT   Confidence:High

common-logging-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

mop-api-1.3.2.Final.jar

Description: API of the Object Model for Portal

File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-api/1.3.2.Final/mop-api-1.3.2.Final.jar
MD5: 4f2c10678f3c5850bb85c25514469e2e
SHA1: 78f9c03a23ec1c3564e827d3927ce53eca6d919d
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.mop:mop-api:1.3.2.Final   Confidence:High

mop-spi-1.3.2.Final.jar

Description: SPI of the Object Model for Portal

File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-spi/1.3.2.Final/mop-spi-1.3.2.Final.jar
MD5: 6ef18d761e625d923ec01c6e5283026e
SHA1: 4fe3a673d58c85d2f6c9ad4446b90229f46c8987
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.mop:mop-spi:1.3.2.Final   Confidence:High

mop-core-1.3.2.Final.jar

Description: Model Object for Portal Core

File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-core/1.3.2.Final/mop-core-1.3.2.Final.jar
MD5: 7d5eb7a5c2ed2d88362f9d8a9413a475
SHA1: d27e4c960aefd919f7c25049b72a9bc225cd6548
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.mop:mop-core:1.3.2.Final   Confidence:High

gatein-management-api-2.1.0.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-api/2.1.0.Final/gatein-management-api-2.1.0.Final.jar
MD5: dde253e45fefd580cab7a4ee75c6d92e
SHA1: 5c73b152fe9497eb37386052f86bfa7ee7d33b87
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.management:gatein-management-api:2.1.0.Final   Confidence:High

gatein-management-spi-2.1.0.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-spi/2.1.0.Final/gatein-management-spi-2.1.0.Final.jar
MD5: 4e10565858662ec9eea75cfbd3544ba1
SHA1: 79670b2dd849b49e145b7122cbff4ef83116157f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.management:gatein-management-spi:2.1.0.Final   Confidence:High

json-20070829.jar

Description:  JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

File Path: /home/ciagent/.m2/repository/org/json/json/20070829/json-20070829.jar
MD5: 4a913140f9099519dfc0212fa5d9a457
SHA1: 89190ff77b57203c3417555f32226998da97ff38
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

closure-compiler-externs-v20170910.jar

File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler-externs/v20170910/closure-compiler-externs-v20170910.jar
MD5: 573e49fb83760d25b675028eb612e2b2
SHA1: 036e801a929fcd121d212093923daf34986f5572
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

args4j-2.33.jar

Description: args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/args4j/args4j/2.33/args4j-2.33.jar
MD5: 0a6d515f76b15d29e3cd529de9319739
SHA1: bd87a75374a6d6523de82fef51fc3cfe9baf9fc9
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

error_prone_annotations-2.0.18.jar

File Path: /home/ciagent/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

guava-20.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/guava/guava/20.0/guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-10237  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Vulnerable Software & Versions: (show all)

gson-2.7.jar

Description: Gson JSON library

File Path: /home/ciagent/.m2/repository/com/google/code/gson/gson/2.7/gson-2.7.jar
MD5: 5134a2350f58890ffb9db0b40047195d
SHA1: 751f548c85fa49f330cecbb1875893f971b33c4e
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jsinterop-annotations-1.0.0.jar

File Path: /home/ciagent/.m2/repository/com/google/jsinterop/jsinterop-annotations/1.0.0/jsinterop-annotations-1.0.0.jar
MD5: 93302e3d0cc146097ecd08039dc1de52
SHA1: 23c3a3c060ffe4817e67673cc8294e154b0a4a95
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

closure-compiler-v20170910.jar

File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar
MD5: ca8e9f88ba9aad9c5e2c0f8f937fe869
SHA1: 3b87499e9ed3f068e69889182ab95cff92de0932
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

twitter4j-core-3.0.5.jar

Description: A Java library for the Twitter API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/twitter4j/twitter4j-core/3.0.5/twitter4j-core-3.0.5.jar
MD5: e6c8d2b10c621b2bbd7809bad9cedca3
SHA1: c38ad47bc8ba5991886ce2c0e0acd76d0fdd6e6d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:twitter_project:twitter:3.0.5   Confidence:Low   
  • maven: org.twitter4j:twitter4j-core:3.0.5    Confidence:Highest
  • cpe: cpe:/a:twitter:twitter:3.0.5   Confidence:Low   

scribe-1.3.5.jar

Description: The best OAuth library out there

License:

MIT: http://github.com/fernandezpablo85/scribe-java/blob/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/scribe/scribe/1.3.5/scribe-1.3.5.jar
MD5: 0abb910da19741cd84aabf5520385bc2
SHA1: a3b3deded9d241d9f2c8aa9c9bcd90ad29e2581e
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:scribe:scribe:1.3.5   Confidence:Low   
  • maven: org.scribe:scribe:1.3.5    Confidence:Highest

google-http-client-1.14.1-beta.jar

Description:  Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client/1.14.1-beta/google-http-client-1.14.1-beta.jar
MD5: 8a3711522ebceef2531d455e2f04a639
SHA1: cb503d4021739e6bac39442ac87b4e311ec77b5e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jsr305-1.3.9.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile

Identifiers

google-oauth-client-1.14.1-beta.jar

Description:  Google OAuth Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

File Path: /home/ciagent/.m2/repository/com/google/oauth-client/google-oauth-client/1.14.1-beta/google-oauth-client-1.14.1-beta.jar
MD5: 71feea1d54eb7878c12855b7c47ef289
SHA1: 7260cd30808a6d1d4ddef6250e3d92d814aaa4cb
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

google-api-client-1.14.1-beta.jar

File Path: /home/ciagent/.m2/repository/com/google/api-client/google-api-client/1.14.1-beta/google-api-client-1.14.1-beta.jar
MD5: 6832804471d4d635ed74ae1fbd5d9d86
SHA1: e95d3b6e36fc67bffd7e71ef60bc5af623e73843
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jackson-core-asl-1.9.11.jar

Description: Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.11/jackson-core-asl-1.9.11.jar
MD5: 49801a6d43725d5c3a1a52ca021d7dc5
SHA1: e32303ef8bd18a5c9272780d49b81c95e05ddf43
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

google-http-client-jackson-1.14.1-beta.jar

File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client-jackson/1.14.1-beta/google-http-client-jackson-1.14.1-beta.jar
MD5: 85d9f42910a68e85ff22d24805688da9
SHA1: 3cfc08bf4b0f62234ff69ff2a0b3c26d7e447829
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

google-api-services-plus-v1-rev69-1.14.2-beta.jar

File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-plus/v1-rev69-1.14.2-beta/google-api-services-plus-v1-rev69-1.14.2-beta.jar
MD5: fbddf71619f41f1359f0b3abff442444
SHA1: a6c5cc69690a3bd7777025a65b0f1abe66112a5e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

google-api-services-oauth2-v2-rev36-1.14.2-beta.jar

File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-oauth2/v2-rev36-1.14.2-beta/google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
MD5: cd2ac31ad0317e53e660c2a4578749f3
SHA1: c7249e1e4832f6e6585f7b7db307585b3ae53881
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

groovy-all-2.4.12.jar

Description: Groovy: A powerful, dynamic language for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: /home/ciagent/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

guice-3.0.jar

Description: Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/guice/3.0/guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

joda-time-2.4.jar

Description: Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/joda-time/joda-time/2.4/joda-time-2.4.jar
MD5: 1231c3e09de6aa5d6b6d9982c0224e20
SHA1: 89e9725439adffbbd41c5f5c215c136082b34a7f
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

oauth-20100527.jar

File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth/20100527/oauth-20100527.jar
MD5: 91c7c70579f95b7ddee95b2143a49b41
SHA1: a84c5331e225bc25a5a288db328048d6b1bb6fd5
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

ehcache-core-2.6.9.jar

Description: This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar
MD5: 521348c6da7c20dba2058917a6a8c0a9
SHA1: e892585cc2cf95d46a2533df438a1d3323034ae8
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

juel-impl-2.2.7.jar

File Path: /home/ciagent/.m2/repository/de/odysseus/juel/juel-impl/2.2.7/juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

el-api-6.0.41.jar

Description: Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/el-api/6.0.41/el-api-6.0.41.jar
MD5: 7073be2b44ca903e88ef0d36794cbfd8
SHA1: 9b2915f70905fcd366c7cde00cf25ccd2246e38b
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.41   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:6.0.41   Confidence:Highest   
  • maven: org.apache.tomcat:el-api:6.0.41    Confidence:Highest
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.41   Confidence:Low   

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2015-5174  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Vulnerable Software & Versions: (show all)

CVE-2015-5345  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Vulnerable Software & Versions: (show all)

CVE-2016-0706  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2016-0714  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Vulnerable Software & Versions: (show all)

CVE-2016-0762  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

Vulnerable Software & Versions: (show all)

CVE-2016-5018  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Vulnerable Software & Versions: (show all)

CVE-2016-5388  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Vulnerable Software & Versions: (show all)

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6794  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Vulnerable Software & Versions: (show all)

CVE-2016-6796  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Vulnerable Software & Versions: (show all)

CVE-2016-6797  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Vulnerable Software & Versions: (show all)

CVE-2016-6816  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Vulnerable Software & Versions: (show all)

CVE-2016-8735  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Vulnerable Software & Versions: (show all)

CVE-2017-5647  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Vulnerable Software & Versions: (show all)

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

jasper-el-6.0.41.jar

Description: Jasper Expression Language Impl

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/jasper-el/6.0.41/jasper-el-6.0.41.jar
MD5: a8ff295523ea0b4c08f9ff75f41b3ccd
SHA1: ea8e38e8f754e69f0ca05cbdcc675d822ef68d8e
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.apache.tomcat:jasper-el:6.0.41    Confidence:Highest
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.41   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:6.0.41   Confidence:Highest   
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.41   Confidence:Low   
  • cpe: cpe:/a:jasper_project:jasper:6.0.41   Confidence:Low   

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2015-5174  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Vulnerable Software & Versions: (show all)

CVE-2015-5345  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Vulnerable Software & Versions: (show all)

CVE-2016-0706  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2016-0714  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Vulnerable Software & Versions: (show all)

CVE-2016-0762  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

Vulnerable Software & Versions: (show all)

CVE-2016-5018  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Vulnerable Software & Versions: (show all)

CVE-2016-5388  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Vulnerable Software & Versions: (show all)

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6794  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Vulnerable Software & Versions: (show all)

CVE-2016-6796  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Vulnerable Software & Versions: (show all)

CVE-2016-6797  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Vulnerable Software & Versions: (show all)

CVE-2016-6816  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Vulnerable Software & Versions: (show all)

CVE-2016-8735  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Vulnerable Software & Versions: (show all)

CVE-2017-5647  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Vulnerable Software & Versions: (show all)

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

shindig-common-2.5.2.jar

Description: Common java code for Shindig

File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-common/2.5.2/shindig-common-2.5.2.jar
MD5: 9deeebec74d0530849d5dd42e19ee9cd
SHA1: 8e3d0ee31607e7a18f20612ef705b32ab8eace2b
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

filters-2.0.235.jar

Description: A collection of image processing filters.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/com/jhlabs/filters/2.0.235/filters-2.0.235.jar
MD5: d91073d6b28e2505e96620709626495f
SHA1: af6a2dfefef70f1ab2d7a8d1f8173f67e276b3f4
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2005-0406  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Vulnerable Software & Versions:

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

simplecaptcha-1.1.1.Final-gatein-4.jar

File Path: /home/ciagent/.m2/repository/org/gatein/captcha/simplecaptcha/1.1.1.Final-gatein-4/simplecaptcha-1.1.1.Final-gatein-4.jar
MD5: a8b83c67e6fd04cd02d8ebcfd47348c1
SHA1: 964c53fedc87745494c5f8f2cd62b2548dbdeff5
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   Confidence:High

gatein-api-1.0.1.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/api/gatein-api/1.0.1.Final/gatein-api-1.0.1.Final.jar
MD5: 04d51eb4e2734df16f83e514b7110000
SHA1: b67727b03994e6081e2e411804c25bd5d0d919a6
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

icu4j-56.1.jar

Description:  International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support

License:

ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /home/ciagent/.m2/repository/com/ibm/icu/icu4j/56.1/icu4j-56.1.jar
MD5: 7bd1a7a1295868726f991c7593dce442
SHA1: 8dd6671f52165a0419e6de5e1016400875a90fa9
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-6293  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

Vulnerable Software & Versions:

CVE-2016-7415  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

Vulnerable Software & Versions:

CVE-2017-14952  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

Vulnerable Software & Versions:

CVE-2017-15396  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Software & Versions: (show all)

CVE-2017-15422  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Vulnerable Software & Versions: (show all)

CVE-2017-17484  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.

Vulnerable Software & Versions:

CVE-2017-7867  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

Vulnerable Software & Versions:

CVE-2017-7868  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.

Vulnerable Software & Versions:

commons-component-product-5.3.x-SNAPSHOT.jar

Description: Product informations: version, revision and build numbers

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-product/5.3.x-SNAPSHOT/commons-component-product-5.3.x-SNAPSHOT.jar
MD5: b8901f4806b4b15c95950919ab4e22cc
SHA1: 18deee3c16a7fbe462e1ffe37e4317fe89a9d24c
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:provided

Identifiers

  • maven: org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT   Confidence:High

commons-component-upgrade-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-upgrade/5.3.x-SNAPSHOT/commons-component-upgrade-5.3.x-SNAPSHOT.jar
MD5: dec94676448b6445d4b46241496bdc51
SHA1: 8a096fb70e071ea70a19721012cd6e425cdd3ff4
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:provided

Identifiers

  • maven: org.exoplatform.commons:commons-component-upgrade:5.3.x-SNAPSHOT   Confidence:High

social-component-common-5.3.x-SNAPSHOT.jar

Description: eXo Social Common Component

File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-common/5.3.x-SNAPSHOT/social-component-common-5.3.x-SNAPSHOT.jar
MD5: 97c9ee7e9fb1105d2e2fdcd4fdbb3ce4
SHA1: c470e3e88396adeeeb78ac742d2fe3d2a906c57f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.social:social-component-common:5.3.x-SNAPSHOT   Confidence:High

pc-api-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-api/5.3.x-SNAPSHOT/pc-api-5.3.x-SNAPSHOT.jar
MD5: e995d3069d7ca3308034dcb2ccd06d09
SHA1: 7c15dad670317a24d7e12ff353aa252eb170165b
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.pc:pc-api:5.3.x-SNAPSHOT   Confidence:High

caja-r5054.jar

Description:  Caja is a HTML/CSS/JavaScript compiler which allows websites to safely embed web applications from third parties, and enables rich interaction between the embedding page and the embedded applications using an object-capability security model.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/caja/caja/r5054/caja-r5054.jar
MD5: 7379ecf5bc7945ca6ab533b905e449a3
SHA1: 18b47afa0172413346d9c8ae1595b6ffbbddd499
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: com.google.caja:caja:r5054   Confidence:High

htmlparser-r4209.jar

Description:  A patched version of the nu.validator v1.2.1 HTML parser.

License:

No Warranty
File Path: /home/ciagent/.m2/repository/caja/htmlparser/r4209/htmlparser-r4209.jar
MD5: 31c18bc52991e53ed4eaa28347c44189
SHA1: 0573217e5c9bf8fad6ce827a94191ca0f5785087
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: caja:htmlparser:r4209   Confidence:High

oauth-consumer-20090617.jar

File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-consumer/20090617/oauth-consumer-20090617.jar
MD5: f0e2849d152f4d8bf725aa4e11b8f969
SHA1: fb70a4c98119c27e78320c5e42a99f0b9eb7c356
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: net.oauth.core:oauth-consumer:20090617   Confidence:High

oauth-httpclient4-20090913.jar

File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-httpclient4/20090913/oauth-httpclient4-20090913.jar
MD5: 577e1f28c28bc5006b8adcf838ffd46d
SHA1: a42f9135d3d72e77274982c4aa14fa0f4dab882f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: net.oauth.core:oauth-httpclient4:20090913   Confidence:High

oauth-provider-20100527.jar

File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-provider/20100527/oauth-provider-20100527.jar
MD5: afdc85d3f14481e4842c317c4f414f7e
SHA1: 165bfc97e63e5af8e052a47f4dee832ce06bf7d7
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

guice-multibindings-3.0.jar

Description: Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/extensions/guice-multibindings/3.0/guice-multibindings-3.0.jar
MD5: 4be1e91408e173eb10ed53a1a565a793
SHA1: 5e670615a927571234df68a8b1fe1a16272be555
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

sanselan-0.97-incubator.jar

Description: Apache Sanselan is a pure-Java image library.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/sanselan/sanselan/0.97-incubator/sanselan-0.97-incubator.jar
MD5: 84f823e61d93fcedcb3c10a827c45989
SHA1: 8396778b076a2eaf62024b64f6d924e4e0095fca
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

social-component-core-5.3.x-SNAPSHOT.jar

Description: eXo Social Core Component: People and Space

File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-core/5.3.x-SNAPSHOT/social-component-core-5.3.x-SNAPSHOT.jar
MD5: e316fbfba9fa30e37a9d370db43643f9
SHA1: cd72311e8b68d1ad544934b2e2f0ba33bcaed44d
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.social:social-component-core:5.3.x-SNAPSHOT   Confidence:High

social-component-webui-5.3.x-SNAPSHOT.jar

Description: eXo Social Web UI Component

File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-webui/5.3.x-SNAPSHOT/social-component-webui-5.3.x-SNAPSHOT.jar
MD5: d5d875799fa1c7be83a5010d42ea56e5
SHA1: a1eac43938ba4e11dd95ad6e33f980b8c70e6b62
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile

Identifiers

  • maven: org.exoplatform.social:social-component-webui:5.3.x-SNAPSHOT   Confidence:High

flying-saucer-pdf-9.0.8.jar

Description: Flying Saucer is a CSS 2.1 renderer written in Java. This artifact supports PDF output.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/xhtmlrenderer/flying-saucer-pdf/9.0.8/flying-saucer-pdf-9.0.8.jar
MD5: 7e9a77a1e8234ba5f1751376b7f152f9
SHA1: b7f04073f273918f81be38b1db1f3b2a93e7984b
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile

Identifiers

bcmail-jdk15-1.45.jar

Description: The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcmail-jdk15/1.45/bcmail-jdk15-1.45.jar
MD5: 13321fc7eff7bcada7b4fedfb592025c
SHA1: 3aed7e642dd8d39dc14ed1dec3ff79e084637148
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

bcprov-jdk15-1.45.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcprov-jdk15/1.45/bcprov-jdk15-1.45.jar
MD5: 2062f8e3d15748443ea60a94b266371c
SHA1: 7741883cb07b4634e8b5fd3337113b6ea770a9bb
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo PLF:: Wiki Renderer:compile
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45   Confidence:Low   
  • maven: org.bouncycastle:bcprov-jdk15:1.45    Confidence:Highest
  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45   Confidence:Low   

CVE-2015-7940  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Vulnerable Software & Versions: (show all)

bctsp-jdk15-1.45.jar

Description: The Bouncy Castle Java API for handling the Time Stamp Protocol (TSP). This jar contains the TSP API for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bctsp-jdk15/1.45/bctsp-jdk15-1.45.jar
MD5: 84a2c3383fc991fb9d3902e723d96b7a
SHA1: 60647c99cbcd06b27987cb07643fb68b10c2eb74
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Service:runtime
  • eXo Wiki JPA Migration Service:runtime
  • eXo PLF:: Wiki Upgrade Plugins:runtime
  • eXo Wiki JPA DAO:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

bayeux-api-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-common-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-websocket-javax-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-websocket-common-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-annotations-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

jetty-io-9.2.14.v20151106.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
MD5: 24f1367fb4d96fe70a3f07a1f48e447e
SHA1: 826d4ae9402e7c48cc98fe287389788134e4986f
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-websocket-common-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
MD5: c17616c290c54ffc4a70dda2b901919a
SHA1: 8b75f11de5bba306d0bcb20a6c1bed89675579cd
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-websocket-javax-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
MD5: 433dd449f689697bbe1a75b0ed2788f8
SHA1: b44bcf098667f0112301d75f73adb5ba3295699d
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

cometd-java-oort-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
MD5: 62dbbecedab27927495fc9c9e0b70505
SHA1: a72695546e010c250ba65519fc91867b208fc8f9
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

jetty-jmx-9.2.14.v20151106.jar

Description: JMX management artifact for jetty.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
MD5: 5eccc25d22921cb4787812d0687a2978
SHA1: 617edc5e966b4149737811ef8b289cd94b831bab
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

  • cpe: cpe:/a:jetty:jetty:9.2.14.v20151106   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-jmx:9.2.14.v20151106    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.2.14.v20151106   Confidence:Low   

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

cometd-java-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-server/3.0.8/cometd-java-server-3.0.8.jar
MD5: c55eb617762fad72683da9de856e008c
SHA1: 11d535c657bdb491abc2ccd820118f9d6a8f44e0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

commons-comet-service-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-comet-service/5.3.x-SNAPSHOT/commons-comet-service-5.3.x-SNAPSHOT.jar
MD5: 7c020a92d3114dc217efa8f161b3738a
SHA1: 24540f023fd116f3ccf2ef430b9dffb38a1b90ed
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

  • maven: org.exoplatform.commons:commons-comet-service:5.3.x-SNAPSHOT   Confidence:High

aspectjrt-1.8.8.jar

Description: The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/aspectj/aspectjrt/1.8.8/aspectjrt-1.8.8.jar
MD5: 2e448cd7ae0bdc357cb2b6e892ba9c9d
SHA1: 7c5b26f24375685e34a50c2d765ebc40a96a5280
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

c3p0-0.9.1.1.jar

Description:  c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

quartz-2.2.2.jar

Description: Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /home/ciagent/.m2/repository/org/quartz-scheduler/quartz/2.2.2/quartz-2.2.2.jar
MD5: 6acfd6ada2f4ad0abf4de916654dcaea
SHA1: 6fd24da6803ab7c3a08bc519a62219a9bebeb0df
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

owasp-java-html-sanitizer-20160413.1.jar

File Path: /home/ciagent/.m2/repository/com/googlecode/owasp-java-html-sanitizer/owasp-java-html-sanitizer/20160413.1/owasp-java-html-sanitizer-20160413.1.jar
MD5: f2dbfedbd7bea844cedc1fc1e95fca80
SHA1: 61780b5d65c39013d733b70b2d2968f72f83aa0a
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

jrcs.diff-0.4.2.jar

File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.diff/0.4.2/jrcs.diff-0.4.2.jar
MD5: a05e71b59b7099da7844fd3b5f38e299
SHA1: 6e8eea2281426cd791a64b348c0932c88b966f39
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

ecs-1.4.2.jar

File Path: /home/ciagent/.m2/repository/ecs/ecs/1.4.2/ecs-1.4.2.jar
MD5: 62d53be190ca9cbfe01bec9fc3396934
SHA1: f9bc5fdde56d60876c1785087ce2a301b4e4a676
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

liquibase-core-3.4.2.jar

File Path: /home/ciagent/.m2/repository/org/liquibase/liquibase-core/3.4.2/liquibase-core-3.4.2.jar
MD5: d4ad6d5f7958b69b8fbd01a5564ae45b
SHA1: c91ccf342466857251cf6795b0cecc42509206f2
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

stax2-api-3.1.4.jar

Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.4/stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jackson-dataformat-xml-2.4.2.jar

Description: Data format extension for Jackson (http://jackson.codehaus.org) to offer alternative support for serializing POJOs as XML and deserializing XML as pojos. Support implemented on top of Stax API (javax.xml.stream), by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and JsonFactory. Some data-binding types overridden as well (ObjectMapper sub-classed as XmlMapper).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/2.4.2/jackson-dataformat-xml-2.4.2.jar
MD5: 1fa55358af6a1364e72e24d9ca4d58e7
SHA1: 02f2d96f68b2d3475452d95dde7a3fbee225f6ae
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2016-3720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Vulnerable Software & Versions:

CVE-2016-7051  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions: (show all)

CVE-2017-15095  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions: (show all)

CVE-2017-17485  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2017-7525  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions: (show all)

CVE-2018-1000873  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Vulnerable Software & Versions: (show all)

CVE-2018-14719  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-14720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-14721  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19360  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19361  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2018-19362  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

Vulnerable Software & Versions: (show all)

CVE-2019-12086  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.

Vulnerable Software & Versions: (show all)

swagger-annotations-1.5.0.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-annotations/1.5.0/swagger-annotations-1.5.0.jar
MD5: c16eb2bdd9f90e97849950178c4c543d
SHA1: f7497f7887e65277c0dab1da1148cf211083f3d4
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

swagger-models-1.5.0.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-models/1.5.0/swagger-models-1.5.0.jar
MD5: 5c3d553535fddea14a4e7e87c5fc59fa
SHA1: d2566bfc270073a559b342089f54086ee64ca5b1
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

swagger-core-1.5.0.jar

File Path: /home/ciagent/.m2/repository/io/swagger/swagger-core/1.5.0/swagger-core-1.5.0.jar
MD5: abc2015d9e823cb96abfa7e2937b43fb
SHA1: 09d5cfb8188ac316bad3a7b38c46bac0568c60e4
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

annotations-2.0.1.jar

Description: Annotation supports the FindBugs tool

License:

GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/annotations/2.0.1/annotations-2.0.1.jar
MD5: 35ef911c85603829ded63f211feb2d68
SHA1: 9ef6656259841cebfb9fb0697bb122ada4485498
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

reflections-0.9.9.jar

Description: Reflections - a Java runtime metadata analysis

License:

WTFPL: http://www.wtfpl.net/
The New BSD License: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/org/reflections/reflections/0.9.9/reflections-0.9.9.jar
MD5: 5f13944b355f927f956b6298136ad959
SHA1: 0296d8adb2f22a38025f44b45cac89835ff0bbaf
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

swagger-jaxrs-1.5.0.jar

File Path: /home/ciagent/.m2/repository/io/swagger/swagger-jaxrs/1.5.0/swagger-jaxrs-1.5.0.jar
MD5: a09d96c899411ac57a479c6635829600
SHA1: 04a77f3f95bfec3073d9d20660c16f54886dfc9f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

commons-component-common-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-common/5.3.x-SNAPSHOT/commons-component-common-5.3.x-SNAPSHOT.jar
MD5: 68e71cc3a18338cdd93d6eb873ec340a
SHA1: e177099769562ebf444b664181284a611c0a1ea7
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

  • maven: org.exoplatform.commons:commons-component-common:5.3.x-SNAPSHOT   Confidence:High

wiki-macros-iframe-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-macros-iframe/5.3.x-SNAPSHOT/wiki-macros-iframe-5.3.x-SNAPSHOT.jar
MD5: 0b533573312842d4d8c75b83284f94b9
SHA1: 2a25f98ad63d5a969140a8390835bcf368297a20
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • maven: org.exoplatform.wiki:wiki-macros-iframe:5.3.x-SNAPSHOT   Confidence:High

wci-wci-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.3.x-SNAPSHOT/wci-wci-5.3.x-SNAPSHOT.jar
MD5: 2ab001252fa543ff2b30839d5d8b60ec
SHA1: 70f414374362f77fa7ec7a35797e32395bbf36ee
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT   Confidence:High

jython-standalone-2.5.4-rc1.jar

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar
MD5: 947e7602dd7ff324e67b0557c088570d
SHA1: 2c7f8e1a5bcc210a686d15f372276365ccd5dffc
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

pygments-1.6.jar

Description: pygments

License:

Simplified BSD License: http://www.opensource.org/licenses/BSD-2-Clause
File Path: /home/ciagent/.m2/repository/org/pygments/pygments/1.6/pygments-1.6.jar
MD5: a2522f9d0b69803307071c79d2e6f00f
SHA1: 0ca48ef8f443c2c01679414d15e2f2c525583a43
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

jdom2-2.0.5.jar

Description:  A complete, Java-based solution for accessing, manipulating, and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/jdom/jdom2/2.0.5/jdom2-2.0.5.jar
MD5: 302db3c65c38d3c10ef31bca76bd76b4
SHA1: 2001db51c131e555bafdb77fc52af6a9408c505e
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo PLF:: Wiki Webapp:compile

Identifiers

wiki-webui-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-webui/5.3.x-SNAPSHOT/wiki-webui-5.3.x-SNAPSHOT.jar
MD5: fab8630f8923298c0a8413257ff4a15a
SHA1: 0e0389fddab816ad0a7435a4f0f80327e9595182
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:runtime

Identifiers

  • maven: org.exoplatform.wiki:wiki-webui:5.3.x-SNAPSHOT   Confidence:High

json-simple-1.1.1.jar

Description: A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

httpcore-4.3.3.jar

Description:  HttpComponents Core (blocking I/O)

File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
MD5: c26171852f9810cd3d2416604a387e71
SHA1: f91b7a4aadc5cf486df6e4634748d7dd7a73f06d
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

httpclient-4.3.6.jar

Description:  HttpComponents Client

File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
MD5: 2d29a27bb6c6b44bc8a608a0e5d09735
SHA1: 4c47155e3e6c9a41a28db36680b828ced53b8af4
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

commons-search-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-search/5.3.x-SNAPSHOT/commons-search-5.3.x-SNAPSHOT.jar
MD5: 8ccf64594bae4e03e2353ad010d9178e
SHA1: 91c4fd04f1d21d7bf52691a22c236732ec66cd53
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:provided

Identifiers

  • maven: org.exoplatform.commons:commons-search:5.3.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:pro_search:pro_search:5.3   Confidence:Low   

commons-api-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-api/5.3.x-SNAPSHOT/commons-api-5.3.x-SNAPSHOT.jar
MD5: 2c3b7dfa120a9e5572d3b2c600e4ca02
SHA1: 3405ca34dc1ae7aa88efe1c0c1f2eb4168dd3c60
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile
  • eXo Wiki JPA Migration Service:provided

Identifiers

  • maven: org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT   Confidence:High

commons-file-storage-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-file-storage/5.3.x-SNAPSHOT/commons-file-storage-5.3.x-SNAPSHOT.jar
MD5: d200ecfb46339a97646183edbf00ad49
SHA1: 5a2b78f6f8a3654b8909a179845df4f15964620e
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile

Identifiers

  • maven: org.exoplatform.commons:commons-file-storage:5.3.x-SNAPSHOT   Confidence:High

jboss-logging-3.3.0.Final.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar
MD5: bc11af4b8ce7138cdc79b7ba8561638c
SHA1: 3616bb87707910296e2c195dc016287080bba5af
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

CVE-2018-1000632  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Vulnerable Software & Versions: (show all)

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/ciagent/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jboss-transaction-api_1.1_spec-1.0.1.Final.jar

Description: The Java Transaction 1.1 API classes

License:

Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /home/ciagent/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.1_spec/1.0.1.Final/jboss-transaction-api_1.1_spec-1.0.1.Final.jar
MD5: 679cd909d6130e6bf467b291031e1e2d
SHA1: 18f0e1d42f010a8b53aa447bf274a706d5148852
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

hibernate-jpa-2.0-api-1.0.1.Final.jar

Description:  Hibernate definition of the Java Persistence 2.0 (JSR 317) API.

License:

license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

hibernate-entitymanager-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
MD5: 2c1a3f1c7bb83b730ab3db1fe588904e
SHA1: a6675070b4c7bb843d74d6ab3bc9440fd315dbb3
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

wiki-jpa-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-jpa/5.3.x-SNAPSHOT/wiki-jpa-5.3.x-SNAPSHOT.jar
MD5: a1a567c9ccad2f1892eba2f76286076c
SHA1: 09724285a688dc20fc08a90eb4de8d31078795e5
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile

Identifiers

  • maven: org.exoplatform.wiki:wiki-jpa:5.3.x-SNAPSHOT   Confidence:High

wiki-jpa-migration-5.3.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-jpa-migration/5.3.x-SNAPSHOT/wiki-jpa-migration-5.3.x-SNAPSHOT.jar
MD5: 803a026031a53e3e69a9950da51ea06b
SHA1: f505aec96aa0d84bf62d86ed9947ef7c27b8d731
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:runtime

Identifiers

  • maven: org.exoplatform.wiki:wiki-jpa-migration:5.3.x-SNAPSHOT   Confidence:High

commons-lang3-3.3.2.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

gwt-user-2.6.1.jar

File Path: /home/ciagent/.m2/repository/com/google/gwt/gwt-user/2.6.1/gwt-user-2.6.1.jar
MD5: ce17f82bb92e3a7416a9be5659cbcc89
SHA1: c078b1b8cc0281214b0eb458d2c283d039374fad
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:provided
  • eXo PLF:: Wiki Service:provided

Identifiers

jdom-1.0.jar

File Path: /home/ciagent/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile

Identifiers

modules-0.3.2.jar

Description: A collection of ROME modules

File Path: /home/ciagent/.m2/repository/rome/modules/0.3.2/modules-0.3.2.jar
MD5: 0bfe56efb3460cc74d4053ef61635131
SHA1: e696eccbad985f8be6c2299b3aee8010f1cd204f
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo Wiki JPA Migration Service:compile

Identifiers

protobuf-java-3.0.2.jar

Description:  Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/protobuf/protobuf-java/3.0.2/protobuf-java-3.0.2.jar
MD5: fca93e016f4dd35aacde356a4b711423
SHA1: ee55e8e697d10b6643d77bb1f686bac3b9ba8579
Referenced In Projects/Scopes:
  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

geronimo-stax-api_1.0_spec-1.0.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/geronimo/specs/geronimo-stax-api_1.0_spec/1.0.1/geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
Referenced In Project/Scope: eXo PLF:: Wiki Renderer:compile

Identifiers

xml-apis-1.0.b2.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
Referenced In Project/Scope: eXo PLF:: Wiki Renderer:compile

Identifiers

xml-apis-1.4.01.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: /home/ciagent/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
Referenced In Projects/Scopes:
  • eXo Wiki JPA DAO:compile
  • eXo Wiki JPA Migration Service:compile

Identifiers

jmock-1.0.1.jar

File Path: /home/ciagent/.m2/repository/jmock/jmock/1.0.1/jmock-1.0.1.jar
MD5: d45c5ca4c1063d508ca8df00538decc1
SHA1: 87a39d1a62ea94be5453ecdbb97cd81c978622d3
Referenced In Projects/Scopes:

  • eXo Wiki JPA DAO:compile
  • eXo Wiki JPA Migration Service:compile

Identifiers

jsr305-3.0.1.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d
Referenced In Project/Scope: eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

jackson-core-2.4.2.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.4.2/jackson-core-2.4.2.jar
MD5: 1800d8b5c3324eaa7cff549bad28a98b
SHA1: ceb72830d95c512b4b300a38f29febc85bdf6e4b
Referenced In Project/Scope: eXo Wiki JPA Migration Service:compile

Identifiers

jackson-annotations-2.4.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.4.0/jackson-annotations-2.4.0.jar
MD5: 6df1b79ec2e57d62106eb47129e4f7a3
SHA1: d6a66c7a5f01cf500377bd669507a08cfeba882a
Referenced In Project/Scope: eXo Wiki JPA Migration Service:compile

Identifiers

commons-logging-1.0.4.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/ciagent/.m2/repository/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar
MD5: 8a507817b28077e0478add944c64586a
SHA1: f029a2aefe2b3e1517573c580f948caac31b1056
Referenced In Project/Scope: eXo Wiki JPA Migration Service:compile

Identifiers

smartgwt-lgpl-6.0-p20170514.jar: isomorphic_applets.jar

File Path: /home/ciagent/.m2/repository/com/isomorphic/smartgwt/lgpl/smartgwt-lgpl/6.0-p20170514/smartgwt-lgpl-6.0-p20170514.jar/com/smartclient/public/sc/system/helpers/isomorphic_applets.jar
MD5: 0f754cb070377f2176d66ab61c1adafe
SHA1: b1cfc819d68ad2ecb419ce92f2c36bfceebf0d09
Referenced In Project/Scope: eXo PLF:: Wiki Webapp:compile

Identifiers

  • None

ehcache-core-2.6.9.jar: sizeof-agent.jar

File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Renderer:compile
  • eXo PLF:: Wiki Service:compile
  • eXo PLF:: Wiki Webapp:runtime
  • eXo Wiki JPA Migration Service:compile
  • eXo PLF:: Wiki Webui:compile
  • eXo PLF:: Wiki Upgrade Plugins:compile

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1   Confidence:High

jython-standalone-2.5.4-rc1.jar: jline64.dll

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jline/jline64.dll
MD5: d2f7b0db1231aac1846a857f5c0c4f2c
SHA1: e297e4e990ce820e64d41f3f27b9be90283f3f96
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jython-standalone-2.5.4-rc1.jar: jline32.dll

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jline/jline32.dll
MD5: b3d9a08ff70440ba3638a325512f2cd8
SHA1: 67a55d8f8ca4937d784d4334e554770adc2a1079
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jython-standalone-2.5.4-rc1.jar: wininst-7.1.exe

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/Lib/distutils/command/wininst-7.1.exe
MD5: 60ca8d5d30a48745d2918fc59f663d82
SHA1: f1eceea0200b381e8df1bd21febe4d86216d3a9d
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jython-standalone-2.5.4-rc1.jar: wininst-6.exe

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/Lib/distutils/command/wininst-6.exe
MD5: 2af1ae03a9ada576bbf62fab00b69be9
SHA1: 0f042eb468c23b791446c1594f8f3bb5023eea36
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jni/x86_64-Windows/jffi-1.0.dll
MD5: 63e4285e98616f329c88d741ca6f65e8
SHA1: 966259febd6c05d8287b7dd75be57bfcd77fd400
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jython-standalone-2.5.4-rc1.jar: jffi-1.0.dll

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jni/i386-Windows/jffi-1.0.dll
MD5: 570f7ce3eae96b92eb4aab891c076b50
SHA1: c35b34b1cf7a20c0478d34bcfbde3d75905a8b19
Referenced In Projects/Scopes:

  • eXo PLF:: Wiki Webui:runtime
  • eXo PLF:: Wiki Webapp:runtime

Identifiers

  • None

jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml

Description: JBoss Marshalling API

File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
MD5: 2b0e9541ec4a0f19e378eaabc5e85ea0
SHA1: da91abf3554dceed9454faa89acafc48c0649df5

Identifiers

  • maven: org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   Confidence:High

jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml

Description: JBoss Marshalling River Implementation

File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
MD5: 1dda062cdd15bd160a4ee6cf1be9f93d
SHA1: 366411529f00ec1eb4451b9b45012bfc09bde34b

Identifiers

  • maven: org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   Confidence:High

jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml

Description: JBoss Marshalling Serial Implementation

File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
MD5: 16b74097e7ec70db37b74205776ad0a7
SHA1: cf519c8805a14e6ce20933b7a89bfe0d5a7dbf0f

Identifiers

  • maven: org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   Confidence:High

closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml

Description:  Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs.

File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml
MD5: 1b66a934999bffadab1ef6f26b68288b
SHA1: c4f1e36254f80d8b202705a678e804bc484c1e27

Identifiers

  • maven: com.google.javascript:closure-compiler:v20170910   Confidence:High
  • cpe: cpe:/a:google:gmail:-   Confidence:Low   

jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml

Description: Support for reading and writing YAML-encoded data via Jackson abstractions.

File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml
MD5: 287aac9a700de46369cc0e327e3577bc
SHA1: da124b77ecdec56e2af7ef65828ec493590ab214

Identifiers

  • maven: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.4.2   Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.4.2   Confidence:Low   

jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml
MD5: d103ace8c756cc13661469b53cff1794
SHA1: c9dbe57a55450ef61cdb139c01a8edea9206949d

Identifiers

  • maven: org.yaml:snakeyaml:1.12   Confidence:High

jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml

Description: JLine is a java library for reading and editing user input in console applications. It features tab-completion, command history, password masking, customizable keybindings, and pass-through handlers to use to chain to other console applications.

License:

BSD: LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml
MD5: 0d6d52cb98633c1b3a711696db169d43
SHA1: 4206e42ea819ceb6d541d9d394c44e2b5344fef2

Identifiers

  • maven: jline:jline:0.9.95-SNAPSHOT   Confidence:High

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml

Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml
MD5: 2663ae2cc7c8739fa5b19e2224ab6e55
SHA1: d72704aaf6a6fd2cd6bc142b959f9206e8f71a90

Identifiers

  • maven: org.antlr:antlr-runtime:3.1.3   Confidence:High

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml

Description:  Common cross-project/cross-platform POSIX APIs

License:

Common Public License - v 1.0: http://www-128.ibm.com/developerworks/library/os-cpl.html
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml
MD5: feaa380889a30e4e2beee4746d9b0b54
SHA1: 28d89352183ec1db9f4cb75efe98f5f0b9ae589d

Identifiers

  • cpe: cpe:/a:jruby:jruby:1.1.4   Confidence:Highest   
  • maven: org.jruby.ext.posix:jnr-posix:1.1.4   Confidence:High

CVE-2010-1330  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Vulnerable Software & Versions: (show all)

CVE-2011-4838  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Software & Versions: (show all)

CVE-2012-5370  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Vulnerable Software & Versions:

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml

Description: A set of platform constants (e.g. errno values)

License:

The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml
MD5: 970585d7cb052c21db6caa55c946e35e
SHA1: 7d6faeadd03efb438919ff833a9814728c042f0c

Identifiers

  • maven: org.jruby.extras:constantine:0.7   Confidence:High
  • cpe: cpe:/a:values_project:values:0.7   Confidence:Low   

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml

Description: An abstracted interface to invoking native functions from java

License:

GNU Lesser General Public License Version 3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml
MD5: 486f581e2d6cee3f3c1020bd1cd856e2
SHA1: d833022c9991b70bcf6ebc9924af7da3bc79f5d1

Identifiers

  • maven: org.jruby.extras:jaffl:0.5.1   Confidence:High

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml

Description: Java wrapper around libffi

License:

GNU LGPLv3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml
MD5: 39e5edd1583d710078ef1f596bb29ce7
SHA1: 5aea815e74debbfc61f10e9274a9ba27cd3e22af

Identifiers

  • maven: org.jruby.extras:jffi:1.0.1   Confidence:High
  • cpe: cpe:/a:jruby:jruby:1.0.1   Confidence:Highest   

CVE-2010-1330  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Vulnerable Software & Versions: (show all)

CVE-2011-4838  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Software & Versions: (show all)

CVE-2012-5370  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Vulnerable Software & Versions:

jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml

Description: Lookup TCP and UDP services from java

License:

GNU Lesser General Public License Version 3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml
MD5: 303650108f1ec73ff0561d8b3b879769
SHA1: 1cef127eec64ffe5fa5ac078e14b6fd481536436

Identifiers

  • maven: org.jruby.extras:jnr-netdb:0.4   Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.