Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Wiki Macros Iframe

org.exoplatform.wiki:wiki-macros-iframe:5.3.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 39
xwiki-commons-text-5.4.7.jar cpe:/a:xwiki:xwiki:5.4.7 org.xwiki.commons:xwiki-commons-text:5.4.7 Low 1 Low 26
slf4j-api-1.7.18.jar org.slf4j:slf4j-api:1.7.18    0 31
javax.inject-1.jar javax.inject:javax.inject:1    0 20
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 1 Low 34
commons-lang3-3.2.jar org.apache.commons:commons-lang3:3.2    0 37

Dependencies

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

xwiki-commons-text-5.4.7.jar

Description: Offers text-related APIs

License:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/xwiki/commons/xwiki-commons-text/5.4.7/xwiki-commons-text-5.4.7.jar
MD5: 477305b76113ea2a7838264affdd500a
SHA1: 1f79f0bd85b203195251a4f15ff808ab8d3146e8
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

  • maven: org.xwiki.commons:xwiki-commons-text:5.4.7   Confidence:High
  • cpe: cpe:/a:xwiki:xwiki:5.4.7   Confidence:Low   

CVE-2018-16277  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The Image Import function in XWiki through 10.7 has XSS.

Vulnerable Software & Versions:

slf4j-api-1.7.18.jar

Description: The slf4j API

File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.18/slf4j-api-1.7.18.jar
MD5: 1b1d1af21206ac5ae44cd79a6c04dd92
SHA1: b631d286463ced7cc42ee2171fe3beaed2836823
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

commons-lang3-3.2.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.2/commons-lang3-3.2.jar
MD5: 9f2013bc16457ff8dfbfbf3357060192
SHA1: 4ff27bd725ae39f616e4ecdd08c27978cef749ec
Referenced In Project/Scope: eXo PLF:: Wiki Macros Iframe:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.