Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.2.4Report Generated On : Thu, 26 Dec 2019 00:00:03 +0900Dependencies Scanned : 61 (61 unique)Vulnerable Dependencies : 9 Vulnerabilities Found : 24Vulnerabilities Suppressed : 0... NVD CVE Checked : 2019-12-25T23:59:52NVD CVE Modified : 2019-12-25T22:02:45VersionCheckOn : 2019-12-25T23:59:52Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies spring-security-saml2-service-provider-5.3.0.BUILD-SNAPSHOT.jarFile Path: /Users/yito/spring-security-saml-login/libs/org/springframework/security/spring-security-saml2-service-provider/5.3.0.BUILD-SNAPSHOT/spring-security-saml2-service-provider-5.3.0.BUILD-SNAPSHOT.jarMD5: 72147b1c623e02c269ed236a7f417019SHA1: 74176ae5f6da5483c78f0ac8cf2023869320062cSHA256: 66655f4bbb174c5eaf65d2616e6af605f6bc993a7c3190e91372f5dc7db63870Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:runtime spring-security-saml-login:compileClasspath spring-security-saml-login:compile spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name saml2 Low Vendor jar package name saml2 Highest Vendor Manifest automatic-module-name spring.security.saml2.service.provider Medium Vendor jar package name springframework Low Vendor file name spring-security-saml2-service-provider High Vendor jar package name provider Highest Vendor jar package name security Low Vendor jar package name security Highest Vendor hint analyzer vendor pivotal software Highest Product jar package name saml2 Low Product jar package name provider Low Product jar package name saml2 Highest Product Manifest Implementation-Title spring-security-saml2-service-provider High Product Manifest automatic-module-name spring.security.saml2.service.provider Medium Product file name spring-security-saml2-service-provider High Product jar package name provider Highest Product jar package name security Low Product jar package name security Highest Version Manifest Implementation-Version 5.3.0.BUILD-SNAPSHOT High Version file version 5.3.0 Highest
Published Vulnerabilities CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-boot-starter-security-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-security/2.2.2.RELEASE/4644039ba9ff9e74b41d92a715d7e7640ba0e7f5/spring-boot-starter-security-2.2.2.RELEASE.jarMD5: 507e99f480548dec814fdc459b2dfe33SHA1: 4644039ba9ff9e74b41d92a715d7e7640ba0e7f5SHA256: 02e14f254d801a662d0e83490a4e38a137775b217a8350a766cede0f7f7212bcReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest automatic-module-name spring.boot.starter.security Medium Vendor file name spring-boot-starter-security High Product gradle artifactid spring-boot-starter-security Highest Product Manifest Implementation-Title Spring Boot Security Starter High Product Manifest build-jdk-spec 1.8 Low Product Manifest automatic-module-name spring.boot.starter.security Medium Product file name spring-boot-starter-security High Version gradle version 2.2.2.RELEASE Highest Version file name spring-boot-starter-security Medium Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest
spring-boot-starter-web-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-web/2.2.2.RELEASE/3e15f18a4dafd499b900082f3cc25bb11ea91821/spring-boot-starter-web-2.2.2.RELEASE.jarMD5: f574939a264f4270037579e8228f7606SHA1: 3e15f18a4dafd499b900082f3cc25bb11ea91821SHA256: 005f7c156eb9216c2d814fe3429f89ca0307bd3a7e8c70ce2c9c456ca1279962Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor file name spring-boot-starter-web High Vendor Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest build-jdk-spec 1.8 Low Product file name spring-boot-starter-web High Product Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest Implementation-Title Spring Boot Web Starter High Product gradle artifactid spring-boot-starter-web Highest Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest Version file name spring-boot-starter-web Medium
opensaml-2.6.4.jarDescription:
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language
(SAML).
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/opensaml/2.6.4/de2c742b770bd58328fd05ebd9d9efc85f79d88c/opensaml-2.6.4.jarMD5: 70e20154abc9a94e230b5679e3603e5aSHA1: de2c742b770bd58328fd05ebd9d9efc85f79d88cSHA256: b8297a0b783113a5e0113ee69683addf99194b3ff981c0c90b85dda492f30064Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-artifactid parent-v2 Low Vendor pom name OpenSAML-J High Vendor jar package name support Highest Vendor jar package name opensaml Highest Vendor gradle groupid org.opensaml Highest Vendor pom artifactid opensaml Low Vendor jar package name assertion Highest Vendor file name opensaml High Vendor pom groupid opensaml Highest Vendor pom parent-groupid net.shibboleth Medium Vendor manifest: org/opensaml/ Implementation-Vendor www.opensaml.org Medium Vendor jar package name security Highest Vendor hint analyzer vendor shibboleth Highest Product pom parent-groupid net.shibboleth Low Product pom artifactid opensaml Highest Product pom name OpenSAML-J High Product jar package name support Highest Product jar package name xacml Highest Product jar package name version Highest Product jar package name opensaml Highest Product jar package name saml Highest Product manifest: org/opensaml/saml1/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1 Medium Product jar package name assertion Highest Product file name opensaml High Product manifest: org/opensaml/saml2/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0 Medium Product pom parent-artifactid parent-v2 Medium Product pom groupid opensaml Low Product manifest: org/opensaml/xacml/profile/saml/ Specification-Title SAML 2.0 Profile of XACML, Version 2 Medium Product gradle artifactid opensaml Highest Product jar package name security Highest Product manifest: org/opensaml/ Implementation-Title opensaml Medium Product hint analyzer product opensaml Highest Product manifest: org/opensaml/xacml/ Specification-Title eXtensible Access Control Markup Language (XACML) Version 2.0 Medium Product jar package name profile Highest Version gradle version 2.6.4 Highest Version pom parent-version 2.6.4 Low Version pom version 2.6.4 Highest Version file version 2.6.4 Highest Version manifest: org/opensaml/ Implementation-Version 2.6.4 Medium
Published Vulnerabilities CVE-2015-1796 (OSSINDEX) suppress
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.opensaml:opensaml:2.6.4:*:*:*:*:*:*:* spring-boot-starter-json-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-json/2.2.2.RELEASE/7ef93e43938abf3064cce9b7317bdb8278060437/spring-boot-starter-json-2.2.2.RELEASE.jarMD5: 38ea724b60ed821b3de68250063b70ccSHA1: 7ef93e43938abf3064cce9b7317bdb8278060437SHA256: bd393d66fe5fa969e2cc39e8f62539ab73dd6e06f1b5bec79d7f5dfd2ef260b2Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest automatic-module-name spring.boot.starter.json Medium Vendor file name spring-boot-starter-json High Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot Json Starter High Product Manifest automatic-module-name spring.boot.starter.json Medium Product gradle artifactid spring-boot-starter-json Highest Product file name spring-boot-starter-json High Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest Version file name spring-boot-starter-json Medium
spring-boot-starter-validation-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-validation/2.2.2.RELEASE/ef3ac3571ae518f22117e8bce826970b358f3cdf/spring-boot-starter-validation-2.2.2.RELEASE.jarMD5: 29007604e0e73f74ecc893a69479c5eaSHA1: ef3ac3571ae518f22117e8bce826970b358f3cdfSHA256: cfaabe379dccb0ff3c1bd97a7046f956e6b65573c7a809295d5716a4863aa9d9Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest automatic-module-name spring.boot.starter.validation Medium Vendor file name spring-boot-starter-validation High Product Manifest build-jdk-spec 1.8 Low Product gradle artifactid spring-boot-starter-validation Highest Product Manifest automatic-module-name spring.boot.starter.validation Medium Product file name spring-boot-starter-validation High Product Manifest Implementation-Title Spring Boot Validation Starter High Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version file name spring-boot-starter-validation Medium Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest
spring-boot-starter-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter/2.2.2.RELEASE/1f8bb1e33a900c95dc31011e0998b70929d05a68/spring-boot-starter-2.2.2.RELEASE.jarMD5: 2871f29bf58317e77907f49c9913b82cSHA1: 1f8bb1e33a900c95dc31011e0998b70929d05a68SHA256: 1a42d8e35c2f00b7ce751e8a6e11a059a58176c5a97ba76a11673485d7e16812Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest automatic-module-name spring.boot.starter Medium Vendor file name spring-boot-starter High Product Manifest Implementation-Title Spring Boot Starter High Product Manifest build-jdk-spec 1.8 Low Product Manifest automatic-module-name spring.boot.starter Medium Product gradle artifactid spring-boot-starter Highest Product file name spring-boot-starter High Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest Version file name spring-boot-starter Medium
spring-security-config-5.2.1.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-config/5.2.1.RELEASE/8f49e12035d0357b5f35e254334ea06d4585cf01/spring-security-config-5.2.1.RELEASE.jarMD5: cf21988164811c34c25c5d512d6d34e2SHA1: 8f49e12035d0357b5f35e254334ea06d4585cf01SHA256: 83478f549c82c1ba9b3aa7f042e19c43b05cce6dbc0084755003b53b79ee8be7Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name config Highest Vendor jar package name config Low Vendor Manifest automatic-module-name spring.security.config Medium Vendor jar package name springframework Low Vendor jar package name security Low Vendor gradle groupid org.springframework.security Highest Vendor jar package name security Highest Vendor file name spring-security-config High Vendor hint analyzer vendor pivotal software Highest Product jar package name config Highest Product jar package name annotation Low Product jar package name config Low Product Manifest automatic-module-name spring.security.config Medium Product jar package name security Low Product Manifest Implementation-Title spring-security-config High Product jar package name security Highest Product gradle artifactid spring-security-config Highest Product file name spring-security-config High Version file name spring-security-config Medium Version Manifest Implementation-Version 5.2.1.RELEASE High Version file version 5.2.1 Highest Version gradle version 5.2.1.RELEASE Highest
Published Vulnerabilities CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-security-web-5.2.1.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-web/5.2.1.RELEASE/9e43c2d8d2dffc60bfba8ac95a106d30e9593106/spring-security-web-5.2.1.RELEASE.jarMD5: f771efbaf1e50b4def5f3e019df021beSHA1: 9e43c2d8d2dffc60bfba8ac95a106d30e9593106SHA256: 816e4fa4dce2e782b1e5eee5fd6d8ae75290ca92b894b5c504bda25a111a26b9Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name spring.security.web Medium Vendor jar package name web Highest Vendor jar package name springframework Low Vendor file name spring-security-web High Vendor jar package name security Low Vendor gradle groupid org.springframework.security Highest Vendor jar package name security Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name web Low Product gradle artifactid spring-security-web Highest Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Product jar package name web Highest Product file name spring-security-web High Product jar package name security Low Product jar package name security Highest Product jar package name web Low Version Manifest Implementation-Version 5.2.1.RELEASE High Version file name spring-security-web Medium Version file version 5.2.1 Highest Version gradle version 5.2.1.RELEASE Highest
Published Vulnerabilities CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-webmvc-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-webmvc/5.2.2.RELEASE/a0e9e88a296c09850f92318872f4dee9f62c8c13/spring-webmvc-5.2.2.RELEASE.jarMD5: ac88114f687d16d181769ad5d1a49ff0SHA1: a0e9e88a296c09850f92318872f4dee9f62c8c13SHA256: e3da078986c603697551349f84c062c0322d7a564a2f4cddf8fcf324ebbd6a08Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name spring.webmvc Medium Vendor jar package name servlet Low Vendor gradle groupid org.springframework Highest Vendor jar package name springframework Low Vendor file name spring-webmvc High Vendor hint analyzer vendor pivotal software Highest Vendor jar package name web Low Product gradle artifactid spring-webmvc Highest Product Manifest automatic-module-name spring.webmvc Medium Product jar package name servlet Low Product Manifest Implementation-Title spring-webmvc High Product file name spring-webmvc High Product jar package name web Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version file name spring-webmvc Medium Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest
spring-security-core-5.2.1.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/5.2.1.RELEASE/f1265ecdd4636a2038768c2ab9da4b79961a3465/spring-security-core-5.2.1.RELEASE.jarMD5: 8dad6a85f53ab899d210ed36994528deSHA1: f1265ecdd4636a2038768c2ab9da4b79961a3465SHA256: 97e138c645df205b15e044a2e7fe6ebad0b5ce5ff9d9d4aacc689bd1ce828c77Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name springframework Low Vendor file name spring-security-core High Vendor Manifest automatic-module-name spring.security.core Medium Vendor jar package name security Low Vendor gradle groupid org.springframework.security Highest Vendor jar package name security Highest Vendor jar package name core Highest Vendor hint analyzer vendor pivotal software Highest Product Manifest Implementation-Title spring-security-core High Product file name spring-security-core High Product Manifest automatic-module-name spring.security.core Medium Product jar package name security Low Product jar package name security Highest Product gradle artifactid spring-security-core Highest Product jar package name core Highest Version Manifest Implementation-Version 5.2.1.RELEASE High Version file version 5.2.1 Highest Version gradle version 5.2.1.RELEASE Highest Version file name spring-security-core Medium
Published Vulnerabilities CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-boot-autoconfigure-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-autoconfigure/2.2.2.RELEASE/2e7876e237097d36bfffd5ce3416930f6d6b579c/spring-boot-autoconfigure-2.2.2.RELEASE.jarMD5: dd29905d16e949abb5c2218249f7664fSHA1: 2e7876e237097d36bfffd5ce3416930f6d6b579cSHA256: 4a7c5e6a0c58f329aeedda17f2c2b6b750d9c77c3300b03d807f750818f7a2c5Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name spring-boot-autoconfigure High Vendor Manifest automatic-module-name spring.boot.autoconfigure Medium Vendor gradle groupid org.springframework.boot Highest Vendor jar package name boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name autoconfigure Low Vendor jar package name springframework Low Vendor jar package name boot Low Vendor jar package name autoconfigure Highest Product file name spring-boot-autoconfigure High Product Manifest automatic-module-name spring.boot.autoconfigure Medium Product Manifest Implementation-Title Spring Boot AutoConfigure High Product gradle artifactid spring-boot-autoconfigure Highest Product jar package name boot Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name autoconfigure Low Product jar package name boot Low Product jar package name autoconfigure Highest Version gradle version 2.2.2.RELEASE Highest Version file name spring-boot-autoconfigure Medium Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest
spring-boot-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot/2.2.2.RELEASE/cc636f24a5ebbfb21f1c8c30ed9c3b13512c16ec/spring-boot-2.2.2.RELEASE.jarMD5: 92d78e26ff34c5b508f82fda173e3b17SHA1: cc636f24a5ebbfb21f1c8c30ed9c3b13512c16ecSHA256: 17c61775a96aa2e3b0e9da79ee194f60828c45678f161a68e32e8b60e2d7009aReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor jar package name boot Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor file name spring-boot High Vendor jar package name springframework Low Vendor jar package name boot Low Product gradle artifactid spring-boot Highest Product jar package name boot Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 1.8 Low Product file name spring-boot High Product jar package name boot Low Product Manifest Implementation-Title Spring Boot High Version file name spring-boot Medium Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest
spring-context-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-context/5.2.2.RELEASE/a77a18fa425eba9c55447fa0711e2dbfbf71907b/spring-context-5.2.2.RELEASE.jarMD5: 6e8cd67b25cd9796d4b193cbddf24261SHA1: a77a18fa425eba9c55447fa0711e2dbfbf71907bSHA256: bb9ed510c61e44b4d39b4e27eb6dfa1737914ee10e4d915a9d757114dbd01fd0Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name spring.context Medium Vendor jar package name context Highest Vendor gradle groupid org.springframework Highest Vendor file name spring-context High Vendor jar package name springframework Low Vendor hint analyzer vendor pivotal software Highest Product Manifest automatic-module-name spring.context Medium Product gradle artifactid spring-context Highest Product Manifest Implementation-Title spring-context High Product jar package name context Highest Product file name spring-context High Version Manifest Implementation-Version 5.2.2.RELEASE High Version file name spring-context Medium Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest
spring-aop-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-aop/5.2.2.RELEASE/899739cf7f338f6297aa9eb25ea8b16338fe4e6d/spring-aop-5.2.2.RELEASE.jarMD5: 312eecf5bee066739670e2648e5d3cd9SHA1: 899739cf7f338f6297aa9eb25ea8b16338fe4e6dSHA256: fdd91ca946d7e8afd33edbdab99fe04cb5a62988fc6d95d60fdf1444b48b9c21Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name spring.aop Medium Vendor jar package name aop Highest Vendor file name spring-aop High Vendor jar package name aop Low Vendor gradle groupid org.springframework Highest Vendor jar package name springframework Low Vendor hint analyzer vendor pivotal software Highest Product jar package name aop Highest Product Manifest automatic-module-name spring.aop Medium Product file name spring-aop High Product Manifest Implementation-Title spring-aop High Product jar package name aop Low Product gradle artifactid spring-aop Highest Version Manifest Implementation-Version 5.2.2.RELEASE High Version file name spring-aop Medium Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest
spring-boot-starter-tomcat-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-tomcat/2.2.2.RELEASE/cd343e40e4de11f78d6d70f3f35f4ca93ea9de9f/spring-boot-starter-tomcat-2.2.2.RELEASE.jarMD5: d30abc7e924870caef0262b07ac62228SHA1: cd343e40e4de11f78d6d70f3f35f4ca93ea9de9fSHA256: 6d87066a8dae2a8d48efd7a781843bb0e53ac010ff113bbdfaac2df9d771a086Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor Manifest automatic-module-name spring.boot.starter.tomcat Medium Vendor file name spring-boot-starter-tomcat High Vendor Manifest build-jdk-spec 1.8 Low Product Manifest automatic-module-name spring.boot.starter.tomcat Medium Product file name spring-boot-starter-tomcat High Product Manifest Implementation-Title Spring Boot Tomcat Starter High Product gradle artifactid spring-boot-starter-tomcat Highest Product Manifest build-jdk-spec 1.8 Low Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version file name spring-boot-starter-tomcat Medium Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest
spring-web-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/5.2.2.RELEASE/d9b0a8079b7d604f134e3054127a7aeba65949a5/spring-web-5.2.2.RELEASE.jarMD5: 8c1caecd2cd2a8e8c116f44d862e1daaSHA1: d9b0a8079b7d604f134e3054127a7aeba65949a5SHA256: b99203146edecf0c28d0c930f91526e1237cd4048ad5022cabaeab5ac4e4bb83Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework Highest Vendor jar package name web Highest Vendor jar package name springframework Low Vendor Manifest automatic-module-name spring.web Medium Vendor hint analyzer vendor pivotal software Highest Vendor file name spring-web High Vendor jar package name web Low Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product gradle artifactid spring-web Highest Product file name spring-web High Product jar package name web Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest Version file name spring-web Medium
openws-1.5.4.jarDescription:
The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include
classes for creating and reading SOAP messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/openws/1.5.4/942bd987e5956fcdf1eaa56cde87112ea871d0e8/openws-1.5.4.jarMD5: 5b5f0fbe27277f2d119d4c4feab48a12SHA1: 942bd987e5956fcdf1eaa56cde87112ea871d0e8SHA256: 6bb7ed759c3c5318ee44cfe1cf483a91e31688df78b9501fcebd05dca559df76Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-artifactid parent-v2 Low Vendor pom groupid opensaml Highest Vendor jar package name transport Highest Vendor pom parent-groupid net.shibboleth Medium Vendor manifest: org/opensaml/ws/ Implementation-Vendor www.opensaml.org Medium Vendor pom artifactid openws Low Vendor pom name OpenWS High Vendor jar package name soap Highest Vendor file name openws High Vendor jar package name opensaml Highest Vendor gradle groupid org.opensaml Highest Product manifest: org/opensaml/ws/wstrust/ Specification-Title WS-Trust Medium Product manifest: org/opensaml/ws/wspolicy/ Specification-Title WS-Policy Medium Product jar package name transport Highest Product pom parent-groupid net.shibboleth Low Product file name openws High Product manifest: org/opensaml/ws/ Implementation-Title openws Medium Product jar package name opensaml Highest Product manifest: org/opensaml/ws/wssecurity/ Specification-Title WS-Security Medium Product manifest: org/opensaml/ws/wsfed/ Specification-Title WS-Federation Medium Product jar package name ws Highest Product manifest: org/opensaml/ws/wsaddressing/ Specification-Title WS-Addressing Medium Product manifest: org/opensaml/ws/soap/soap11/ Specification-Title Simple Object Access Protocol (SOAP) 1.1 Medium Product pom parent-artifactid parent-v2 Medium Product pom groupid opensaml Low Product pom artifactid openws Highest Product jar package name security Highest Product jar package name soap Highest Product pom name OpenWS High Product gradle artifactid openws Highest Product jar package name policy Highest Version pom parent-version 1.5.4 Low Version manifest: org/opensaml/ws/ Implementation-Version 1.5.4 Medium Version gradle version 1.5.4 Highest Version file version 1.5.4 Highest Version pom version 1.5.4 Highest
xmltooling-1.4.4.jarDescription:
XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner. File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/xmltooling/1.4.4/8cf44998d4b9cca5f9eeb47cc95d95cea9f86714/xmltooling-1.4.4.jarMD5: 03e3929084aabe1b2a91a191a6932a57SHA1: 8cf44998d4b9cca5f9eeb47cc95d95cea9f86714SHA256: b2fb3f2b0c0c62b3aae6d83ccc127b972a0fd64b494fb435fdb4bbbaf329ddbdReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name xmltooling High Vendor pom parent-artifactid parent-v2 Low Vendor jar package name j Highest Vendor pom groupid opensaml Highest Vendor pom parent-groupid net.shibboleth Medium Vendor pom artifactid xmltooling Low Vendor manifest: org/opensaml/xml/ Implementation-Vendor www.opensaml.org Medium Vendor pom name XMLTooling-J High Vendor jar package name opensaml Highest Vendor gradle groupid org.opensaml Highest Product file name xmltooling High Product jar package name xml Highest Product jar package name signature Highest Product pom parent-groupid net.shibboleth Low Product manifest: org/opensaml/xml/signature/ Specification-Title XML Signature Syntax and Processing Medium Product manifest: org/opensaml/xml/ Implementation-Title xmltooling Medium Product manifest: org/opensaml/xml/encryption/ Specification-Title XML Encryption Syntax and Processing Medium Product pom name XMLTooling-J High Product jar package name opensaml Highest Product jar package name j Highest Product gradle artifactid xmltooling Highest Product pom parent-artifactid parent-v2 Medium Product pom groupid opensaml Low Product pom artifactid xmltooling Highest Product jar package name encryption Highest Version pom version 1.4.4 Highest Version pom parent-version 1.4.4 Low Version gradle version 1.4.4 Highest Version file version 1.4.4 Highest Version manifest: org/opensaml/xml/ Implementation-Version 1.4.4 Medium
not-yet-commons-ssl-0.3.9.jarDescription:
A Java SSL component library License:
Apache License v2: http://juliusdavies.ca/commons-ssl/LICENSE.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ca.juliusdavies/not-yet-commons-ssl/0.3.9/e20f0960c000681c91d00de846a43cf2051b8f69/not-yet-commons-ssl-0.3.9.jar
MD5: 478a6177330a0098435828a8409f49c1
SHA1: e20f0960c000681c91d00de846a43cf2051b8f69
SHA256: 198100753dbc631c97a8e86422c12630a0c3d89d06b33313a3c2550af651c174
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name commons Highest Vendor file name not-yet-commons-ssl High Vendor jar package name ssl Low Vendor jar package name commons Low Vendor jar package name apache Low Vendor pom url http://juliusdavies.ca/commons-ssl Highest Vendor hint analyzer vendor not_yet_commons_ssl_project Highest Vendor gradle groupid ca.juliusdavies Highest Vendor pom artifactid not-yet-commons-ssl Low Vendor jar package name ssl Highest Vendor pom groupid ca.juliusdavies Highest Vendor pom name Not Yet Commons SSL High Product pom artifactid not-yet-commons-ssl Highest Product jar package name commons Highest Product jar package name asn1 Low Product file name not-yet-commons-ssl High Product jar package name ssl Low Product jar package name commons Low Product hint analyzer product not_yet_commons_ssl Highest Product jar package name ssl Highest Product pom url http://juliusdavies.ca/commons-ssl Medium Product gradle artifactid not-yet-commons-ssl Highest Product pom groupid ca.juliusdavies Low Product pom name Not Yet Commons SSL High Version file version 0.3.9 Highest Version gradle version 0.3.9 Highest Version pom version 0.3.9 Highest
Published Vulnerabilities CVE-2014-3604 suppress
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
commons-httpclient-3.1.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-httpclient/commons-httpclient/3.1/964cd74171f427720480efdec40a7c7f6e58426a/commons-httpclient-3.1.jarMD5: 8ad8c9229ef2d59ab9f59f7050e846a5SHA1: 964cd74171f427720480efdec40a7c7f6e58426aSHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name apache Low Vendor jar package name httpclient Low Vendor gradle groupid commons-httpclient Highest Vendor jar package name apache Highest Vendor file name commons-httpclient High Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium Vendor jar package name commons Low Product jar package name commons Highest Product jar package name httpclient Low Product jar package name httpclient Highest Product gradle artifactid commons-httpclient Highest Product jar package name apache Highest Product file name commons-httpclient High Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium Product jar package name commons Low Version gradle version 3.1 Highest Version file name commons-httpclient Medium Version Manifest maven-version 1.1 Medium Version file version 3.1 Highest Version manifest: org/apache/commons/httpclient Implementation-Version 3.1 Medium
commons-codec-1.13.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.13/3f18e1aa31031d89db6f01ba05d501258ce69d2c/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256: 61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name commons Highest Vendor Manifest implementation-url https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid commons-codec Highest Vendor jar package name apache Highest Vendor pom artifactid commons-codec Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name codec Highest Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id commons-codec Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor gradle groupid commons-codec Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor file name commons-codec High Vendor jar package name encoder Highest Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor pom name Apache Commons Codec High Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product gradle artifactid commons-codec Highest Product jar package name commons Highest Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest implementation-url https://commons.apache.org/proper/commons-codec/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name apache Highest Product Manifest specification-title Apache Commons Codec Medium Product pom parent-artifactid commons-parent Medium Product jar package name codec Highest Product Manifest Implementation-Title Apache Commons Codec High Product pom url https://commons.apache.org/proper/commons-codec/ Medium Product pom groupid commons-codec Low Product pom artifactid commons-codec Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product file name commons-codec High Product pom parent-groupid org.apache.commons Low Product jar package name encoder Highest Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product pom name Apache Commons Codec High Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Version gradle version 1.13 Highest Version pom parent-version 1.13 Low Version pom version 1.13 Highest Version file version 1.13 Highest Version Manifest Implementation-Version 1.13 High
velocity-1.7.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.velocity/velocity/1.7/2ceb567b8f3f21118ecdec129fe1271dbc09aa7a/velocity-1.7.jarMD5: 3692dd72f8367cb35fb6280dc2916725SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7aSHA256: ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8eReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest extension-name velocity Medium Vendor jar package name velocity Low Vendor jar package name apache Highest Vendor jar package name velocity Highest Vendor jar package name apache Low Vendor jar package name runtime Low Vendor Manifest bundle-symbolicname org.apache.velocity Medium Vendor file name velocity High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor gradle groupid org.apache.velocity Highest Product Manifest extension-name velocity Medium Product gradle artifactid velocity Highest Product jar package name velocity Low Product jar package name apache Highest Product jar package name template Highest Product Manifest Bundle-Name Apache Velocity Medium Product jar package name velocity Highest Product jar package name runtime Low Product Manifest Implementation-Title org.apache.velocity High Product Manifest specification-title Velocity is a Java-based template engine Medium Product Manifest bundle-symbolicname org.apache.velocity Medium Product file name velocity High Version file version 1.7 Highest Version Manifest Implementation-Version 1.7 High
commons-collections-3.2.1.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-collections/commons-collections/3.2.1/761ea405b9b37ced573d2df0d1e3a4e0f9edc668/commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
SHA256: 87363a4c94eaabeefd8b930cb059f66b64c9f7d632862f23de3012da7660047b
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name commons Highest Vendor gradle groupid commons-collections Highest Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor file name commons-collections High Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name collections Highest Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor pom groupid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/collections/ Highest Vendor pom name Commons Collections High Vendor Manifest Implementation-Vendor-Id org.apache Medium Product jar package name commons Highest Product pom groupid commons-collections Low Product pom artifactid commons-collections Highest Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product file name commons-collections High Product Manifest Bundle-Name Commons Collections Medium Product jar package name apache Highest Product Manifest Implementation-Title Commons Collections High Product pom parent-artifactid commons-parent Medium Product jar package name collections Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product pom url http://commons.apache.org/collections/ Medium Product gradle artifactid commons-collections Highest Product pom parent-groupid org.apache.commons Low Product pom name Commons Collections High Product Manifest specification-title Commons Collections Medium Version pom version 3.2.1 Highest Version pom parent-version 3.2.1 Low Version gradle version 3.2.1 Highest Version file version 3.2.1 Highest Version Manifest Bundle-Version 3.2.1 High Version Manifest Implementation-Version 3.2.1 High
Published Vulnerabilities CVE-2015-6420 suppress
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2017-15708 suppress
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
Remote code execution (OSSINDEX) suppress
> It was found that a flaw in commons-collection library allowed remote code execution wherever deserialization occurs. While JBoss doesnt expose the JMXInvokerServlet by default, other interfaces where deserialization occur might be vulnerable.
>
> -- [redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=1279330) Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:commons-collections:commons-collections:3.2.1:*:*:*:*:*:*:* commons-lang-2.6.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-lang/commons-lang/2.6/ce1edb914c94ebc388f086c6827e8bdeec71ac2/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor pom artifactid commons-lang Low Vendor pom groupid commons-lang Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor pom url http://commons.apache.org/lang/ Highest Vendor jar package name apache Highest Vendor file name commons-lang High Vendor gradle groupid commons-lang Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name lang Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Commons Lang High Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest specification-title Commons Lang Medium Product jar package name apache Highest Product file name commons-lang High Product Manifest Implementation-Title Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom groupid commons-lang Low Product pom url http://commons.apache.org/lang/ Medium Product jar package name lang Highest Product pom artifactid commons-lang Highest Product pom parent-groupid org.apache.commons Low Product Manifest Bundle-Name Commons Lang Medium Product pom name Commons Lang High Product gradle artifactid commons-lang Highest Version Manifest Implementation-Version 2.6 High Version Manifest Bundle-Version 2.6 High Version file version 2.6 Highest Version pom version 2.6 Highest Version gradle version 2.6 Highest Version pom parent-version 2.6 Low
esapi-2.0.1.jarDescription:
The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP website. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
License:
BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/ File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.owasp.esapi/esapi/2.0.1/2ea3b87c948dbc0c77a17fe24fda961ecc38c6f2/esapi-2.0.1.jar
MD5: 90c61b27a98c1e0940381b47efe93852
SHA1: 2ea3b87c948dbc0c77a17fe24fda961ecc38c6f2
SHA256: 337ce7afc69ebed3851ba512060615e77ad488252cab210803b1e129da506302
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.owasp.esapi Highest Vendor pom organization name The Open Web Application Security Project (OWASP) High Vendor jar package name esapi Highest Vendor pom groupid owasp.esapi Highest Vendor Manifest Implementation-Vendor The Open Web Application Security Project (OWASP) High Vendor Manifest Implementation-Vendor-Id org.owasp.esapi Medium Vendor file name esapi High Vendor pom url http://www.esapi.org/ Highest Vendor pom name ESAPI High Vendor jar package name owasp Highest Vendor Manifest specification-vendor The Open Web Application Security Project (OWASP) Low Vendor pom artifactid esapi Low Vendor pom organization url http://www.owasp.org/index.php Medium Product pom organization name The Open Web Application Security Project (OWASP) Low Product jar package name esapi Highest Product Manifest Implementation-Title ESAPI High Product pom url http://www.esapi.org/ Medium Product file name esapi High Product pom organization url http://www.owasp.org/index.php Low Product pom groupid owasp.esapi Low Product pom name ESAPI High Product Manifest specification-title ESAPI Medium Product jar package name owasp Highest Product gradle artifactid esapi Highest Product pom artifactid esapi Highest Version file version 2.0.1 Highest Version Manifest Implementation-Version 2.0.1 High Version gradle version 2.0.1 Highest Version pom version 2.0.1 Highest
Published Vulnerabilities CVE-2013-5679 (OSSINDEX) suppress
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length. CVSSv2:
Base Score: LOW (2.6) Vector: /AV:L/AC:H/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.owasp.esapi:esapi:2.0.1:*:*:*:*:*:*:* CVE-2013-5960 (OSSINDEX) suppress
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.owasp.esapi:esapi:2.0.1:*:*:*:*:*:*:* joda-time-2.10.5.jarDescription:
Date and time library to replace JDK date handling License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/joda-time/joda-time/2.10.5/7f1d89817cd20a32444d5ab4160f035ab9b864e7/joda-time-2.10.5.jar
MD5: a64a54718846cf874324c0967f74e57e
SHA1: 7f1d89817cd20a32444d5ab4160f035ab9b864e7
SHA256: 4ee73e7ff8e2df0d4e3408cf1a1527a59f265dd9fb43fb9b2eb818d87f93759e
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name time Highest Vendor jar package name joda Highest Vendor Manifest Implementation-Vendor Joda.org High Vendor pom name Joda-Time High Vendor gradle groupid joda-time Highest Vendor pom organization url https://www.joda.org Medium Vendor file name joda-time High Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor Manifest bundle-docurl https://www.joda.org/joda-time/ Low Vendor Manifest extension-name joda-time Medium Vendor Manifest automatic-module-name org.joda.time Medium Vendor pom organization name Joda.org High Vendor Manifest implementation-url https://www.joda.org/joda-time/ Low Vendor Manifest specification-vendor Joda.org Low Vendor pom groupid joda-time Highest Vendor pom artifactid joda-time Low Vendor Manifest bundle-symbolicname joda-time Medium Vendor pom url https://www.joda.org/joda-time/ Highest Product Manifest Implementation-Title org.joda.time High Product pom artifactid joda-time Highest Product jar package name time Highest Product pom url https://www.joda.org/joda-time/ Medium Product jar package name joda Highest Product Manifest Bundle-Name Joda-Time Medium Product pom groupid joda-time Low Product pom name Joda-Time High Product pom organization name Joda.org Low Product file name joda-time High Product Manifest bundle-docurl https://www.joda.org/joda-time/ Low Product Manifest extension-name joda-time Medium Product Manifest automatic-module-name org.joda.time Medium Product Manifest implementation-url https://www.joda.org/joda-time/ Low Product pom organization url https://www.joda.org Low Product Manifest specification-title Joda-Time Medium Product gradle artifactid joda-time Highest Product Manifest bundle-symbolicname joda-time Medium Version pom version 2.10.5 Highest Version file version 2.10.5 Highest Version gradle version 2.10.5 Highest Version Manifest Bundle-Version 2.10.5 High Version Manifest Implementation-Version 2.10.5 High
xmlsec-1.5.7.jarDescription:
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.santuario/xmlsec/1.5.7/89f0e0cd84243a9e48253dcbf8a360e5bdba2de/xmlsec-1.5.7.jar
MD5: 6581ee28bca500739d14eb8119ff3a40
SHA1: 089f0e0cd84243a9e48253dcbf8a360e5bdba2de
SHA256: 392617e40d961d3910a924d7d4ee893912e860a4d55e8f2b0e18cd4cc60b243f
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor jar package name xml Highest Vendor pom parent-artifactid apache Low Vendor jar package name apache Highest Vendor pom url http://santuario.apache.org/ Highest Vendor jar package name signature Highest Vendor Manifest Implementation-Vendor-Id org.apache.santuario Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache XML Security for Java High Vendor pom artifactid xmlsec Low Vendor Manifest bundle-symbolicname org.apache.santuario.xmlsec Medium Vendor pom parent-groupid org.apache Medium Vendor pom groupid apache.santuario Highest Vendor gradle groupid org.apache.santuario Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor jar package name security Highest Vendor jar package name encryption Highest Vendor file name xmlsec High Product jar package name xml Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product pom groupid apache.santuario Low Product jar package name apache Highest Product jar package name signature Highest Product Manifest Implementation-Title Apache XML Security for Java High Product pom name Apache XML Security for Java High Product Manifest bundle-symbolicname org.apache.santuario.xmlsec Medium Product gradle artifactid xmlsec Highest Product Manifest Bundle-Name Apache XML Security for Java Medium Product pom organization url http://www.apache.org/ Low Product pom artifactid xmlsec Highest Product pom parent-groupid org.apache Low Product pom organization name The Apache Software Foundation Low Product Manifest specification-title Apache XML Security for Java Medium Product jar package name security Highest Product pom url http://santuario.apache.org/ Medium Product jar package name encryption Highest Product file name xmlsec High Product pom parent-artifactid apache Medium Version file version 1.5.7 Highest Version pom version 1.5.7 Highest Version pom parent-version 1.5.7 Low Version gradle version 1.5.7 Highest Version Manifest Bundle-Version 1.5.7 High Version Manifest Implementation-Version 1.5.7 High
spring-boot-starter-logging-2.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-logging/2.2.2.RELEASE/dd6b1771f1b3288b332cd41705aadcb2aebda221/spring-boot-starter-logging-2.2.2.RELEASE.jarMD5: 29bc9ee23dd7ce947c40dc8887f72369SHA1: dd6b1771f1b3288b332cd41705aadcb2aebda221SHA256: 0735cdc388c6cad4e19596f9b110addf87c75fe908115fc12566c0df53dd69cdReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.springframework.boot Highest Vendor file name spring-boot-starter-logging High Vendor Manifest automatic-module-name spring.boot.starter.logging Medium Vendor Manifest build-jdk-spec 1.8 Low Product file name spring-boot-starter-logging High Product Manifest automatic-module-name spring.boot.starter.logging Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot Logging Starter High Product gradle artifactid spring-boot-starter-logging Highest Version gradle version 2.2.2.RELEASE Highest Version Manifest build-jdk-spec 1.8 Low Version Manifest Implementation-Version 2.2.2.RELEASE High Version file version 2.2.2 Highest Version file name spring-boot-starter-logging Medium
jakarta.annotation-api-1.3.5.jarDescription:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/jakarta.annotation/jakarta.annotation-api/1.3.5/59eb84ee0d616332ff44aba065f3888cf002cd2d/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom artifactid jakarta.annotation-api Low Vendor Manifest automatic-module-name java.annotation Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Vendor pom name Jakarta Annotations API High Vendor gradle groupid jakarta.annotation Highest Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor jar package name annotation Highest Vendor Manifest extension-name jakarta.annotation Medium Vendor pom groupid jakarta.annotation Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name jakarta.annotation-api High Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor pom parent-artifactid ca-parent Low Product gradle artifactid jakarta.annotation-api Highest Product Manifest automatic-module-name java.annotation Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Product pom name Jakarta Annotations API High Product pom groupid jakarta.annotation Low Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product pom parent-artifactid ca-parent Medium Product jar package name annotation Highest Product Manifest extension-name jakarta.annotation Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name jakarta.annotation-api High Product Manifest bundle-docurl https://www.eclipse.org Low Product pom artifactid jakarta.annotation-api Highest Product Manifest Bundle-Name Jakarta Annotations API Medium Version file version 1.3.5 Highest Version pom version 1.3.5 Highest Version Manifest Bundle-Version 1.3.5 High Version gradle version 1.3.5 Highest Version Manifest Implementation-Version 1.3.5 High
spring-beans-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-beans/5.2.2.RELEASE/81e4d9cc2e8fac88ab4eb7325c4521bd07c6389c/spring-beans-5.2.2.RELEASE.jarMD5: a9d90d08943a10cb063ca121b228b3c4SHA1: 81e4d9cc2e8fac88ab4eb7325c4521bd07c6389cSHA256: 58f16fa6718d9e2a456036b681b68dc38802c0da6c90feaf1e63a160b3b74cacReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name spring-beans High Vendor Manifest automatic-module-name spring.beans Medium Vendor jar package name beans Highest Vendor gradle groupid org.springframework Highest Vendor jar package name beans Low Vendor jar package name springframework Low Vendor jar package name factory Low Vendor hint analyzer vendor pivotal software Highest Product file name spring-beans High Product Manifest automatic-module-name spring.beans Medium Product gradle artifactid spring-beans Highest Product jar package name beans Highest Product Manifest Implementation-Title spring-beans High Product jar package name beans Low Product jar package name factory Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version file name spring-beans Medium Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest
spring-expression-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-expression/5.2.2.RELEASE/eb93bc4d4eb8e0bee60ea910e0fd615869336643/spring-expression-5.2.2.RELEASE.jarMD5: 2beb78ccde56444dd683d7ddeb23a949SHA1: eb93bc4d4eb8e0bee60ea910e0fd615869336643SHA256: 8e7c7de72ca95ee5c4adeb5d07f37f20e5607e2ef606c34a244ea8f94f5bbe33Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name expression Highest Vendor file name spring-expression High Vendor jar package name spel Low Vendor Manifest automatic-module-name spring.expression Medium Vendor gradle groupid org.springframework Highest Vendor jar package name springframework Low Vendor hint analyzer vendor pivotal software Highest Vendor jar package name expression Low Product jar package name expression Highest Product file name spring-expression High Product jar package name spel Low Product Manifest automatic-module-name spring.expression Medium Product gradle artifactid spring-expression Highest Product Manifest Implementation-Title spring-expression High Product jar package name expression Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest Version file name spring-expression Medium
spring-core-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.2.2.RELEASE/bfcf2f6d0494d89db63ae170b8491223c93a88dc/spring-core-5.2.2.RELEASE.jarMD5: af31f2ae937e45b71fa038cc0c010019SHA1: bfcf2f6d0494d89db63ae170b8491223c93a88dcSHA256: 94459936895f669c8bdd794be79850b73a9b980cc01a4aec88f373f150002b70Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor vmware Highest Vendor gradle groupid org.springframework Highest Vendor jar package name springframework Low Vendor hint analyzer vendor SpringSource Highest Vendor Manifest automatic-module-name spring.core Medium Vendor jar package name core Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name core Low Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product gradle artifactid spring-core Highest Product jar package name core Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product jar package name core Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest Version file name spring-core Medium
jackson-datatype-jdk8-2.10.1.jarDescription:
Add-on module for Jackson (http://jackson.codehaus.org) to support
JDK 8 data types.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.10.1/db9247b3eb6f07520ff6ff6d1070439edd6803c3/jackson-datatype-jdk8-2.10.1.jar
MD5: 5ed821ec4bb9f16056a74c228f5a0788
SHA1: db9247b3eb6f07520ff6ff6d1070439edd6803c3
SHA256: 05c45b1441e74ea5e4b0c7a20823d2c7cfded946108902b5691a129e78f60515
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name datatype Highest Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Vendor pom groupid fasterxml.jackson.datatype Highest Vendor Manifest specification-vendor FasterXML Low Vendor jar package name jdk8 Highest Vendor pom name Jackson datatype: jdk8 High Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8 Low Vendor pom parent-artifactid jackson-modules-java8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jackson-datatype-jdk8 Low Vendor jar package name fasterxml Highest Vendor gradle groupid com.fasterxml.jackson.datatype Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor file name jackson-datatype-jdk8 High Vendor jar package name jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jdk8 Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Product jar package name datatype Highest Product Manifest specification-title Jackson datatype: jdk8 Medium Product pom artifactid jackson-datatype-jdk8 Highest Product pom parent-artifactid jackson-modules-java8 Medium Product Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Product Manifest Bundle-Name Jackson datatype: jdk8 Medium Product pom groupid fasterxml.jackson.datatype Low Product jar package name jdk8 Highest Product pom name Jackson datatype: jdk8 High Product gradle artifactid jackson-datatype-jdk8 Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid com.fasterxml.jackson.module Low Product jar package name fasterxml Highest Product file name jackson-datatype-jdk8 High Product jar package name jackson Highest Product Manifest Implementation-Title Jackson datatype: jdk8 High Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jdk8 Medium Version Manifest Bundle-Version 2.10.1 High Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
jackson-datatype-jsr310-2.10.1.jarDescription:
Add-on module to support JSR-310 (Java 8 Date & Time API) data types. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.10.1/52ee272b0181a1c0df5c931235c494b1e0e022d0/jackson-datatype-jsr310-2.10.1.jar
MD5: f84efaf51bbfc3c8a783168dcb24c99a
SHA1: 52ee272b0181a1c0df5c931235c494b1e0e022d0
SHA256: 5e7d0363068e3d42ac7f6234c88ade8867174009866e6f00f496edb5b295b56f
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name datatype Highest Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Vendor pom groupid fasterxml.jackson.datatype Highest Vendor Manifest specification-vendor FasterXML Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Vendor jar package name jsr310 Highest Vendor pom artifactid jackson-datatype-jsr310 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Vendor pom parent-artifactid jackson-modules-java8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name fasterxml Highest Vendor pom name Jackson datatype: JSR310 High Vendor gradle groupid com.fasterxml.jackson.datatype Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor file name jackson-datatype-jsr310 High Vendor jar package name jackson Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Product jar package name datatype Highest Product Manifest Implementation-Title Jackson datatype: JSR310 High Product pom parent-artifactid jackson-modules-java8 Medium Product Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Product pom groupid fasterxml.jackson.datatype Low Product gradle artifactid jackson-datatype-jsr310 Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Product jar package name jsr310 Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Product Manifest Bundle-Name Jackson datatype: JSR310 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jackson-datatype-jsr310 Highest Product pom parent-groupid com.fasterxml.jackson.module Low Product jar package name fasterxml Highest Product pom name Jackson datatype: JSR310 High Product file name jackson-datatype-jsr310 High Product jar package name jackson Highest Product Manifest specification-title Jackson datatype: JSR310 Medium Version Manifest Bundle-Version 2.10.1 High Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
jackson-module-parameter-names-2.10.1.jarDescription:
Add-on module for Jackson (http://jackson.codehaus.org) to support
introspection of method/constructor parameter names, without having to add explicit property name annotation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.module/jackson-module-parameter-names/2.10.1/6643b48d7dab2fb8c874526bea13ce4cd1a76cb9/jackson-module-parameter-names-2.10.1.jar
MD5: 423bbff0e614dd71733ac716416cf4d8
SHA1: 6643b48d7dab2fb8c874526bea13ce4cd1a76cb9
SHA256: e8083b8aef3704fd8a1032454d1d80ad5e250a678fbb3bc8ac89c0f0567badf3
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name module Highest Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Vendor gradle groupid com.fasterxml.jackson.module Highest Vendor Manifest specification-vendor FasterXML Low Vendor file name jackson-module-parameter-names High Vendor pom parent-artifactid jackson-modules-java8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid fasterxml.jackson.module Highest Vendor pom artifactid jackson-module-parameter-names Low Vendor jar package name fasterxml Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-parameter-names Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names Low Vendor jar package name jackson Highest Vendor pom name Jackson-module-parameter-names High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Product pom artifactid jackson-module-parameter-names Highest Product jar package name module Highest Product Manifest Bundle-Name Jackson-module-parameter-names Medium Product pom parent-artifactid jackson-modules-java8 Medium Product Manifest implementation-build-date 2019-11-09 23:29:13+0000 Low Product Manifest specification-title Jackson-module-parameter-names Medium Product file name jackson-module-parameter-names High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid com.fasterxml.jackson.module Low Product gradle artifactid jackson-module-parameter-names Highest Product jar package name fasterxml Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-parameter-names Medium Product Manifest Implementation-Title Jackson-module-parameter-names High Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names Low Product pom groupid fasterxml.jackson.module Low Product jar package name jackson Highest Product pom name Jackson-module-parameter-names High Version Manifest Bundle-Version 2.10.1 High Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
jackson-databind-2.10.1.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.10.1/18eee15ffc662d27538d5b6ee84e4c92c0a9d03e/jackson-databind-2.10.1.jar
MD5: 5be002ede268ddc0a2ea1b9bc5baceb8
SHA1: 18eee15ffc662d27538d5b6ee84e4c92c0a9d03e
SHA256: 2d23f47001492233565adf5a34f225f2ae89564cee08024873ec36b7842ede46
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor jar package name databind Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom parent-artifactid jackson-base Low Vendor Manifest implementation-build-date 2019-11-09 23:12:02+0000 Low Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor file name jackson-databind High Vendor pom name jackson-databind High Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor jar package name jackson Highest Vendor pom artifactid jackson-databind Low Vendor pom url http://github.com/FasterXML/jackson Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product jar package name databind Highest Product Manifest Implementation-Title jackson-databind High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest implementation-build-date 2019-11-09 23:12:02+0000 Low Product pom url http://github.com/FasterXML/jackson Medium Product pom groupid fasterxml.jackson.core Low Product file name jackson-databind High Product pom parent-groupid com.fasterxml.jackson Low Product pom name jackson-databind High Product Manifest specification-title jackson-databind Medium Product jar package name fasterxml Highest Product Manifest Bundle-Name jackson-databind Medium Product gradle artifactid jackson-databind Highest Product jar package name jackson Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom parent-artifactid jackson-base Medium Version Manifest Bundle-Version 2.10.1 High Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
tomcat-embed-websocket-9.0.29.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-websocket/9.0.29/57a550a531648dd665444f11d45c352a6978c7b6/tomcat-embed-websocket-9.0.29.jarMD5: 08da7687d4b7a04162cce01f9c0cef42SHA1: 57a550a531648dd665444f11d45c352a6978c7b6SHA256: e7b5626f690706c4bc38886407d0d0eb0626a95245ba6f397b3868ca194e8525Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name websocket Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-websocket Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest tstamp 1729 Low Vendor gradle groupid org.apache.tomcat.embed Highest Vendor Manifest today November 16 2019 Low Vendor jar package name websocket Low Vendor Manifest automatic-module-name org.apache.tomcat.embed.websocket Medium Vendor file name tomcat-embed-websocket High Vendor Manifest dstamp 20191116 Low Vendor jar package name apache Low Vendor Manifest originally-created-by 1.8.0_222-b10 () Low Vendor jar package name tomcat Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name tomcat Highest Product jar package name websocket Highest Product Manifest bundle-symbolicname org.apache.tomcat-embed-websocket Medium Product jar package name apache Highest Product Manifest tstamp 1729 Low Product Manifest Bundle-Name tomcat-embed-websocket Medium Product Manifest today November 16 2019 Low Product jar package name websocket Low Product Manifest automatic-module-name org.apache.tomcat.embed.websocket Medium Product file name tomcat-embed-websocket High Product Manifest dstamp 20191116 Low Product Manifest originally-created-by 1.8.0_222-b10 () Low Product Manifest specification-title Apache Tomcat Medium Product jar package name tomcat Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name tomcat Highest Product gradle artifactid tomcat-embed-websocket Highest Product Manifest Implementation-Title Apache Tomcat High Version Manifest Implementation-Version 9.0.29 High Version file version 9.0.29 Highest
tomcat-embed-core-9.0.29.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/9.0.29/207dc9ca4215853d96ed695862f9873001f02a4b/tomcat-embed-core-9.0.29.jarMD5: 44be753971eba479c2b05683f570c1d2SHA1: 207dc9ca4215853d96ed695862f9873001f02a4bSHA256: eacbae5a6436e47fdcbd4e961df20bdc53a50e325ff8739b412578c0429d70eeReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest tstamp 1729 Low Vendor gradle groupid org.apache.tomcat.embed Highest Vendor file name tomcat-embed-core High Vendor Manifest today November 16 2019 Low Vendor Manifest automatic-module-name org.apache.tomcat.embed.core Medium Vendor Manifest dstamp 20191116 Low Vendor jar package name apache Low Vendor Manifest originally-created-by 1.8.0_222-b10 () Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name tomcat Highest Vendor jar package name core Highest Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Product Manifest Bundle-Name tomcat-embed-core Medium Product jar package name apache Highest Product Manifest tstamp 1729 Low Product file name tomcat-embed-core High Product Manifest today November 16 2019 Low Product Manifest automatic-module-name org.apache.tomcat.embed.core Medium Product Manifest dstamp 20191116 Low Product Manifest originally-created-by 1.8.0_222-b10 () Low Product Manifest specification-title Apache Tomcat Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name filter Highest Product gradle artifactid tomcat-embed-core Highest Product jar package name tomcat Highest Product jar package name core Highest Product Manifest Implementation-Title Apache Tomcat High Version Manifest Implementation-Version 9.0.29 High Version file version 9.0.29 Highest
tomcat-embed-el-9.0.29.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-el/9.0.29/3c1186083cb613c18949ffac21d856ecf8cdfd13/tomcat-embed-el-9.0.29.jarMD5: 1d8c3ae258beaf968a6611709bfff2d8SHA1: 3c1186083cb613c18949ffac21d856ecf8cdfd13SHA256: 4957e123d0521c624315c3bf3b2385b9dc1e704eb46b65a3c01e58f3d40cf262Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest tstamp 1729 Low Vendor gradle groupid org.apache.tomcat.embed Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Vendor Manifest today November 16 2019 Low Vendor Manifest dstamp 20191116 Low Vendor jar package name apache Low Vendor Manifest originally-created-by 1.8.0_222-b10 () Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest automatic-module-name org.apache.tomcat.embed.jasper.el Medium Vendor jar package name el Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name el Low Vendor file name tomcat-embed-el High Product jar package name apache Highest Product Manifest tstamp 1729 Low Product Manifest Bundle-Name tomcat-embed-jasper-el Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Product Manifest today November 16 2019 Low Product Manifest dstamp 20191116 Low Product gradle artifactid tomcat-embed-el Highest Product Manifest originally-created-by 1.8.0_222-b10 () Low Product Manifest specification-title Apache Tomcat Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest automatic-module-name org.apache.tomcat.embed.jasper.el Medium Product jar package name el Highest Product jar package name el Low Product file name tomcat-embed-el High Product Manifest Implementation-Title Apache Tomcat High Version Manifest Implementation-Version 9.0.29 High Version file version 9.0.29 Highest
jakarta.validation-api-2.0.1.jarDescription:
Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/jakarta.validation/jakarta.validation-api/2.0.1/5a864a58587cd76243b8ec55dd7115c9eac25c08/jakarta.validation-api-2.0.1.jar
MD5: 14e2c4707c5a54d143f99406a7c385d0
SHA1: 5a864a58587cd76243b8ec55dd7115c9eac25c08
SHA256: cbd4097d66194f4793c59d8d145915313717caebb8bd3590ae6f716eadc8d351
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom name Bean Validation API High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name validation Highest Vendor gradle groupid jakarta.validation Highest Vendor Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Vendor pom groupid jakarta.validation Highest Vendor file name jakarta.validation-api High Vendor pom url http://beanvalidation.org Highest Vendor Manifest automatic-module-name java.validation Medium Vendor pom artifactid jakarta.validation-api Low Product pom name Bean Validation API High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid jakarta.validation Low Product jar package name validation Highest Product Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Product gradle artifactid jakarta.validation-api Highest Product file name jakarta.validation-api High Product pom url http://beanvalidation.org Medium Product Manifest automatic-module-name java.validation Medium Product Manifest Bundle-Name Bean Validation API Medium Product pom artifactid jakarta.validation-api Highest Version file version 2.0.1 Highest Version Manifest Bundle-Version 2.0.1 High Version gradle version 2.0.1 Highest Version pom version 2.0.1 Highest
hibernate-validator-6.0.18.Final.jarDescription:
Hibernate's Bean Validation (JSR-380) reference implementation. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.hibernate.validator/hibernate-validator/6.0.18.Final/7fd00bcd87e14b6ba66279282ef15efa30dd2492/hibernate-validator-6.0.18.Final.jar
MD5: d3eeb4f1bf013d939b86dfc34b0c6a5d
SHA1: 7fd00bcd87e14b6ba66279282ef15efa30dd2492
SHA256: 79fb11445bc48e1ea6fb259e825d58b3c9a5fa2b7e3c9527e41e4aeda82de907
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.hibernate.validator Highest Vendor Manifest automatic-module-name org.hibernate.validator Medium Vendor pom groupid hibernate.validator Highest Vendor Manifest Implementation-Vendor org.hibernate.validator High Vendor Manifest bundle-symbolicname org.hibernate.validator.hibernate-validator Medium Vendor Manifest Implementation-Vendor-Id org.hibernate.validator Medium Vendor pom name Hibernate Validator Engine High Vendor jar package name hibernate Highest Vendor pom artifactid hibernate-validator Low Vendor pom parent-artifactid hibernate-validator-parent Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest implementation-url http://hibernate.org/validator/ Low Vendor file name hibernate-validator High Vendor jar package name validator Highest Vendor pom parent-groupid org.hibernate.validator Medium Vendor jar package name engine Highest Product Manifest specification-title Bean Validation Medium Product pom artifactid hibernate-validator Highest Product Manifest automatic-module-name org.hibernate.validator Medium Product pom parent-artifactid hibernate-validator-parent Medium Product Manifest Bundle-Name Hibernate Validator Engine Medium Product Manifest bundle-symbolicname org.hibernate.validator.hibernate-validator Medium Product pom name Hibernate Validator Engine High Product jar package name hibernate Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.hibernate.validator Low Product pom groupid hibernate.validator Low Product gradle artifactid hibernate-validator Highest Product Manifest Implementation-Title hibernate-validator High Product Manifest implementation-url http://hibernate.org/validator/ Low Product file name hibernate-validator High Product jar package name validator Highest Product jar package name engine Highest Version gradle version 6.0.18.Final Highest Version Manifest Bundle-Version 6.0.18.Final High Version pom version 6.0.18.Final Highest Version Manifest Implementation-Version 6.0.18.Final High
commons-logging-1.1.1.jarDescription:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-logging/commons-logging/1.1.1/5043bfebc3db072ed80fbd362e7caf00e885d8ae/commons-logging-1.1.1.jarMD5: ed448347fc0104034aa14c8189bf37deSHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8aeSHA256: ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362fReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name commons Highest Vendor pom url http://commons.apache.org/logging Highest Vendor gradle groupid commons-logging Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor file name commons-logging High Vendor pom name Commons Logging High Vendor jar package name apache Highest Vendor Manifest extension-name org.apache.commons.logging Medium Vendor pom artifactid commons-logging Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name logging Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom groupid commons-logging Highest Product jar package name commons Highest Product pom url http://commons.apache.org/logging Medium Product file name commons-logging High Product pom name Commons Logging High Product jar package name apache Highest Product Manifest extension-name org.apache.commons.logging Medium Product pom parent-artifactid commons-parent Medium Product gradle artifactid commons-logging Highest Product Manifest Implementation-Title Jakarta Commons Logging High Product pom artifactid commons-logging Highest Product jar package name logging Highest Product pom parent-groupid org.apache.commons Low Product Manifest specification-title Jakarta Commons Logging Medium Product pom groupid commons-logging Low Version file version 1.1.1 Highest Version Manifest Implementation-Version 1.1.1 High Version gradle version 1.1.1 Highest Version pom parent-version 1.1.1 Low Version pom version 1.1.1 Highest
logback-classic-1.2.3.jarDescription:
logback-classic module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.2.3/7c4f3c474fb2c041d8028740440937705ebb473a/logback-classic-1.2.3.jar
MD5: 64f7a68f931aed8e5ad8243470440f0b
SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a
SHA256: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name logback-classic High Vendor Manifest bundle-symbolicname ch.qos.logback.classic Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name Logback Classic Module High Vendor jar package name qos Highest Vendor jar package name classic Highest Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor pom parent-artifactid logback-parent Low Vendor jar package name logback Highest Vendor jar package name ch Highest Vendor pom groupid ch.qos.logback Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid logback-classic Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor gradle groupid ch.qos.logback Highest Product file name logback-classic High Product Manifest bundle-symbolicname ch.qos.logback.classic Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name Logback Classic Module High Product pom parent-artifactid logback-parent Medium Product Manifest Bundle-Name Logback Classic Module Medium Product jar package name qos Highest Product jar package name classic Highest Product Manifest bundle-docurl http://www.qos.ch Low Product gradle artifactid logback-classic Highest Product jar package name logback Highest Product jar package name ch Highest Product pom artifactid logback-classic Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product pom groupid ch.qos.logback Low Version Manifest Bundle-Version 1.2.3 High Version pom version 1.2.3 Highest Version gradle version 1.2.3 Highest Version file version 1.2.3 Highest
log4j-to-slf4j-2.12.1.jarDescription:
The Apache Log4j binding between Log4j 2 API and SLF4J. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.logging.log4j/log4j-to-slf4j/2.12.1/dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a/log4j-to-slf4j-2.12.1.jar
MD5: a6fdf03c03b6f5fac5a978031a06777e
SHA1: dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a
SHA256: 69d4aa504294033ea0d1236aabe81ed3f6393b6eb42e61899b197a51a3df73e9
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom groupid apache.logging.log4j Highest Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name apache Highest Vendor jar package name slf4j Highest Vendor pom artifactid log4j-to-slf4j Low Vendor gradle groupid org.apache.logging.log4j Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor pom name Apache Log4j to SLF4J Adapter High Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Vendor jar package name logging Highest Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Vendor file name log4j-to-slf4j High Vendor pom parent-artifactid log4j Low Vendor Manifest automatic-module-name org.apache.logging.slf4j Medium Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid log4j-to-slf4j Highest Product jar package name apache Highest Product gradle artifactid log4j-to-slf4j Highest Product jar package name slf4j Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product pom name Apache Log4j to SLF4J Adapter High Product Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Product Manifest specification-title Apache Log4j to SLF4J Adapter Medium Product jar package name logging Highest Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Product pom groupid apache.logging.log4j Low Product file name log4j-to-slf4j High Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium Product pom parent-artifactid log4j Medium Product pom parent-groupid org.apache.logging.log4j Low Product Manifest automatic-module-name org.apache.logging.slf4j Medium Product Manifest Implementation-Title Apache Log4j to SLF4J Adapter High Version gradle version 2.12.1 Highest Version pom version 2.12.1 Highest Version file version 2.12.1 Highest Version Manifest log4jreleaseversion 2.12.1 Medium Version Manifest Implementation-Version 2.12.1 High Version Manifest Bundle-Version 2.12.1 High
jul-to-slf4j-1.7.29.jarDescription:
JUL to SLF4J bridge File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.slf4j/jul-to-slf4j/1.7.29/f58dd9d8c15a1141a48de53d2d6b723ae6cf18d6/jul-to-slf4j-1.7.29.jarMD5: e98450d2de8fb9ffe4fe2f4994462fe1SHA1: f58dd9d8c15a1141a48de53d2d6b723ae6cf18d6SHA256: ac6f86a0afe572c505c88bfd8a79e86b3508926d8cca14533fbda8cb83634a26Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.slf4j Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor pom name JUL to SLF4J bridge High Vendor file name jul-to-slf4j High Vendor pom url http://www.slf4j.org Highest Vendor pom parent-groupid org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor jar package name bridge Highest Vendor pom groupid slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom parent-artifactid slf4j-parent Low Product pom parent-groupid org.slf4j Low Product jar package name slf4j Highest Product Manifest Bundle-Name jul-to-slf4j Medium Product Manifest bundle-symbolicname jul.to.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product pom name JUL to SLF4J bridge High Product file name jul-to-slf4j High Product pom url http://www.slf4j.org Medium Product jar package name bridge Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom artifactid jul-to-slf4j Highest Product gradle artifactid jul-to-slf4j Highest Product pom groupid slf4j Low Version pom version 1.7.29 Highest Version gradle version 1.7.29 Highest Version file version 1.7.29 Highest Version Manifest Implementation-Version 1.7.29 High Version Manifest Bundle-Version 1.7.29 High
spring-jcl-5.2.2.RELEASE.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-jcl/5.2.2.RELEASE/35efd564bf664c0bf53bd336b583391a7f872da7/spring-jcl-5.2.2.RELEASE.jarMD5: eaccb423ee1c9f3cf57f1715393147e5SHA1: 35efd564bf664c0bf53bd336b583391a7f872da7SHA256: db6ec0aa5330ab84a78933fd2c27db83581e3f0adbc1a562013c8647b3935dbdReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name spring.jcl Medium Vendor file name spring-jcl High Vendor jar package name apache Low Vendor gradle groupid org.springframework Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name logging Low Vendor jar package name commons Low Product Manifest automatic-module-name spring.jcl Medium Product file name spring-jcl High Product Manifest Implementation-Title spring-jcl High Product gradle artifactid spring-jcl Highest Product jar package name commons Low Product jar package name logging Low Version Manifest Implementation-Version 5.2.2.RELEASE High Version file name spring-jcl Medium Version gradle version 5.2.2.RELEASE Highest Version file version 5.2.2 Highest
jackson-annotations-2.10.1.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-annotations/2.10.1/54d72475c0d6819f2d0e9a09d25c3ed876a4972f/jackson-annotations-2.10.1.jar
MD5: 49683a3cf8e92c00c24262e8fac64ee5
SHA1: 54d72475c0d6819f2d0e9a09d25c3ed876a4972f
SHA256: 673f8ae16becea4fa937404b3a851417faf42df3bbc592028bbe2bfe0cc9d8cb
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor file name jackson-annotations High Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid jackson-annotations Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom parent-artifactid jackson-parent Low Vendor pom name Jackson-annotations High Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor jar package name jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest implementation-build-date 2019-11-09 22:57:59+0000 Low Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-annotations High Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom url http://github.com/FasterXML/jackson Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid fasterxml.jackson.core Low Product pom artifactid jackson-annotations Highest Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest specification-title Jackson-annotations Medium Product pom parent-groupid com.fasterxml.jackson Low Product pom name Jackson-annotations High Product gradle artifactid jackson-annotations Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product pom parent-artifactid jackson-parent Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest implementation-build-date 2019-11-09 22:57:59+0000 Low Version Manifest Bundle-Version 2.10.1 High Version pom parent-version 2.10.1 Low Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
jackson-core-2.10.1.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.10.1/2c8b5e26ba40e5f91eb37a24075a2028b402c5f9/jackson-core-2.10.1.jar
MD5: 5bc20efba282bb641e3b42de153e45bc
SHA1: 2c8b5e26ba40e5f91eb37a24075a2028b402c5f9
SHA256: 79bffbdcd349f69a5ac252e2b4096131704386af4fa14d95395ea9a0e423cf33
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid com.fasterxml.jackson.core Highest Vendor pom parent-artifactid jackson-base Low Vendor jar package name base Highest Vendor pom name Jackson-core High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name json Highest Vendor pom url FasterXML/jackson-core Highest Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor file name jackson-core High Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest implementation-build-date 2019-11-09 23:08:40+0000 Low Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor jar package name jackson Highest Vendor jar package name core Highest Vendor pom artifactid jackson-core Low Product pom url FasterXML/jackson-core High Product jar package name base Highest Product pom name Jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid fasterxml.jackson.core Low Product jar package name json Highest Product jar package name version Highest Product file name jackson-core High Product Manifest Implementation-Title Jackson-core High Product pom parent-groupid com.fasterxml.jackson Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest implementation-build-date 2019-11-09 23:08:40+0000 Low Product jar package name fasterxml Highest Product jar package name filter Highest Product gradle artifactid jackson-core Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest specification-title Jackson-core Medium Product jar package name jackson Highest Product pom artifactid jackson-core Highest Product jar package name core Highest Product pom parent-artifactid jackson-base Medium Version Manifest Bundle-Version 2.10.1 High Version Manifest Implementation-Version 2.10.1 High Version gradle version 2.10.1 Highest Version pom version 2.10.1 Highest Version file version 2.10.1 Highest
jboss-logging-3.4.1.Final.jarDescription:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.jboss.logging/jboss-logging/3.4.1.Final/40fd4d696c55793e996d1ff3c475833f836c2498/jboss-logging-3.4.1.Final.jar
MD5: 52ee373b84e39570c78c0815006375bc
SHA1: 40fd4d696c55793e996d1ff3c475833f836c2498
SHA256: 8efe877d93e5e1057a1388b2950503b88b0c28447364fde08adbec61e524eeb8
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor jar package name jboss Highest Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor jar package name logging Highest Vendor pom groupid jboss.logging Highest Vendor hint analyzer vendor redhat Highest Vendor pom parent-groupid org.jboss Medium Vendor file name jboss-logging High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest os-name Linux Medium Vendor pom url http://www.jboss.org Highest Vendor gradle groupid org.jboss.logging Highest Vendor pom parent-artifactid jboss-parent Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom name JBoss Logging 3 High Vendor Manifest os-arch amd64 Low Vendor pom artifactid jboss-logging Low Vendor Manifest automatic-module-name org.jboss.logging Medium Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Product pom parent-groupid org.jboss Low Product Manifest implementation-url http://www.jboss.org Low Product gradle artifactid jboss-logging Highest Product jar package name jboss Highest Product Manifest specification-title JBoss Logging 3 Medium Product pom parent-artifactid jboss-parent Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product jar package name logging Highest Product pom url http://www.jboss.org Medium Product pom groupid jboss.logging Low Product file name jboss-logging High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest os-name Linux Medium Product Manifest bundle-docurl http://www.jboss.org Low Product pom name JBoss Logging 3 High Product pom artifactid jboss-logging Highest Product Manifest os-arch amd64 Low Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest automatic-module-name org.jboss.logging Medium Version pom version 3.4.1.Final Highest Version gradle version 3.4.1.Final Highest Version pom parent-version 3.4.1.Final Low Version Manifest Bundle-Version 3.4.1.Final High Version Manifest Implementation-Version 3.4.1.Final High
classmate-1.5.1.jarDescription:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml/classmate/1.5.1/3fe0bed568c62df5e89f4f174c101eab25345b6c/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256: aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom artifactid classmate Low Vendor Manifest automatic-module-name com.fasterxml.classmate Medium Vendor pom groupid fasterxml Highest Vendor jar package name types Highest Vendor gradle groupid com.fasterxml Highest Vendor pom url FasterXML/java-classmate Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name ClassMate High Vendor pom organization name fasterxml.com High Vendor Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Vendor pom parent-groupid com.fasterxml Medium Vendor Manifest Implementation-Vendor fasterxml.com High Vendor jar package name fasterxml Highest Vendor jar package name classmate Highest Vendor file name classmate High Vendor Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Vendor pom parent-artifactid oss-parent Low Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest specification-vendor fasterxml.com Low Vendor pom organization url https://fasterxml.com Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Product Manifest automatic-module-name com.fasterxml.classmate Medium Product gradle artifactid classmate Highest Product jar package name types Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name ClassMate High Product pom url FasterXML/java-classmate High Product Manifest specification-title ClassMate Medium Product Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Product pom parent-artifactid oss-parent Medium Product pom artifactid classmate Highest Product pom groupid fasterxml Low Product pom organization url https://fasterxml.com Low Product jar package name fasterxml Highest Product Manifest Bundle-Name ClassMate Medium Product jar package name filter Highest Product jar package name classmate Highest Product pom organization name fasterxml.com Low Product file name classmate High Product pom parent-groupid com.fasterxml Low Product Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Product Manifest Implementation-Title ClassMate High Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Version Manifest Bundle-Version 1.5.1 High Version Manifest Implementation-Version 1.5.1 High Version pom version 1.5.1 Highest Version pom parent-version 1.5.1 Low Version gradle version 1.5.1 Highest Version file version 1.5.1 Highest
bcprov-jdk15on-1.51.jarFile Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.51/9ab8afcc2842d5ef06eb775a0a2b12783b99aa80/bcprov-jdk15on-1.51.jarMD5: b202b2dde200e0d1b714f6e867e29ee4SHA1: 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80SHA256: 8748f0ec73895f7f18c1a9c13cf754fddddf0451cf472463ef02f93c3e7a7de7Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest codebase * Low Vendor jar package name bouncycastle Low Vendor file name bcprov-jdk15on High Vendor Manifest application-name Bouncy Castle Provider Medium Vendor jar package name bouncycastle Highest Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest permissions all-permissions Low Vendor Manifest application-library-allowable-codebase * Low Vendor gradle groupid org.bouncycastle Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Vendor jar package name provider Highest Vendor Manifest originally-created-by 24.51-b03 (Oracle Corporation) Low Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest trusted-library true Low Product Manifest codebase * Low Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product Manifest application-name Bouncy Castle Provider Medium Product jar package name bouncycastle Highest Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest permissions all-permissions Low Product Manifest application-library-allowable-codebase * Low Product gradle artifactid bcprov-jdk15on Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low Product jar package name provider Highest Product Manifest originally-created-by 24.51-b03 (Oracle Corporation) Low Product Manifest Bundle-Name bcprov Medium Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest trusted-library true Low Version file version 1.51 Highest Version Manifest Implementation-Version 1.51.0 High
Published Vulnerabilities CVE-2015-6644 (OSSINDEX) suppress
> An information disclosure vulnerability in Bouncy Castle could enable a local malicious application to gain access to user?s private information
>
> -- [source.android.com](https://source.android.com/security/bulletin/2016-01-01#information_disclosure_vulnerability_in_bouncy_castle) Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.51:*:*:*:*:*:*:* CVE-2016-1000338 suppress
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. CWE-347 Improper Verification of Cryptographic Signature
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000339 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000340 suppress
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. CWE-19 Data Processing Errors
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000341 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. CWE-361 7PK - Time and State
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000342 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. CWE-347 Improper Verification of Cryptographic Signature
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000343 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000344 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000345 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding. CWE-361 7PK - Time and State
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000346 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. CWE-320 Key Management Errors
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.7) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2016-1000352 suppress
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.4) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2017-13098 suppress
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." CWE-203 Information Exposure Through Discrepancy
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2018-1000613 suppress
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
logback-core-1.2.3.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.2.3/864344400c3d4d92dfeb0a305dc87d953677c03c/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor pom name Logback Core Module High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name qos Highest Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor pom parent-artifactid logback-parent Low Vendor jar package name logback Highest Vendor jar package name ch Highest Vendor pom groupid ch.qos.logback Highest Vendor pom artifactid logback-core Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor jar package name core Highest Vendor gradle groupid ch.qos.logback Highest Product Manifest Bundle-Name Logback Core Module Medium Product file name logback-core High Product pom name Logback Core Module High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-artifactid logback-parent Medium Product jar package name qos Highest Product Manifest bundle-docurl http://www.qos.ch Low Product jar package name logback Highest Product jar package name ch Highest Product gradle artifactid logback-core Highest Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product pom groupid ch.qos.logback Low Product jar package name core Highest Product pom artifactid logback-core Highest Version Manifest Bundle-Version 1.2.3 High Version pom version 1.2.3 Highest Version gradle version 1.2.3 Highest Version file version 1.2.3 Highest
slf4j-api-1.7.29.jarDescription:
The slf4j API File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-api/1.7.29/e56bf4473a4c6b71c7dd397a833dce86d1993d9d/slf4j-api-1.7.29.jarMD5: 75191c97f2d6ef4f990cbb4b2e56a46bSHA1: e56bf4473a4c6b71c7dd397a833dce86d1993d9dSHA256: 47b624903c712f9118330ad2fb91d0780f7f666c3f22919d0fc14522c5cad9eaReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor gradle groupid org.slf4j Highest Vendor jar package name slf4j Highest Vendor pom name SLF4J API Module High Vendor file name slf4j-api High Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest automatic-module-name org.slf4j Medium Vendor pom url http://www.slf4j.org Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom artifactid slf4j-api Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom groupid slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Product pom parent-groupid org.slf4j Low Product jar package name slf4j Highest Product pom parent-artifactid slf4j-parent Medium Product pom name SLF4J API Module High Product file name slf4j-api High Product Manifest Implementation-Title slf4j-api High Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest automatic-module-name org.slf4j Medium Product pom url http://www.slf4j.org Medium Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom artifactid slf4j-api Highest Product gradle artifactid slf4j-api Highest Product pom groupid slf4j Low Version pom version 1.7.29 Highest Version gradle version 1.7.29 Highest Version file version 1.7.29 Highest Version Manifest Implementation-Version 1.7.29 High Version Manifest Bundle-Version 1.7.29 High
log4j-api-2.12.1.jarDescription:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.logging.log4j/log4j-api/2.12.1/a55e6d987f50a515c9260b0451b4fa217dc539cb/log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256: 429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:compileClasspath spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom groupid apache.logging.log4j Highest Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor pom artifactid log4j-api Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name apache Highest Vendor file name log4j-api High Vendor gradle groupid org.apache.logging.log4j Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor jar package name logging Highest Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor pom name Apache Log4j API High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name org Highest Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor pom parent-artifactid log4j Low Vendor jar package name log4j Highest Vendor Manifest multi-release true Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Implementation-Title Apache Log4j API High Product jar package name apache Highest Product gradle artifactid log4j-api Highest Product file name log4j-api High Product Manifest bundle-docurl https://www.apache.org/ Low Product jar package name logging Highest Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product pom artifactid log4j-api Highest Product pom name Apache Log4j API High Product Manifest log4jreleasemanager Ralph Goers Low Product pom groupid apache.logging.log4j Low Product jar package name org Highest Product Manifest specification-title Apache Log4j API Medium Product pom parent-artifactid log4j Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product jar package name log4j Highest Product Manifest Bundle-Name Apache Log4j API Medium Product pom parent-groupid org.apache.logging.log4j Low Product Manifest multi-release true Low Version gradle version 2.12.1 Highest Version pom version 2.12.1 Highest Version file version 2.12.1 Highest Version Manifest log4jreleaseversion 2.12.1 Medium Version Manifest Implementation-Version 2.12.1 High Version Manifest Bundle-Version 2.12.1 High
postgresql-42.2.8.jarDescription:
Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar
MD5: e6dcc1898639407bf530b7a34e870b55
SHA1: 6f394c7df5600d11b221f356ff020440d2ece44f
SHA256: 7fb81e74f5c25a5c40a997d9b83333fdd3b5d63a0b3d61cba6d562c7e3a7f3f6
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor jar package name postgresql Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest bundle-copyright Copyright (c) 2003-2015, PostgreSQL Global Development Group Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor jar package name driver Highest Vendor pom name PostgreSQL JDBC Driver - JDBC 4.2 High Vendor pom artifactid postgresql Low Vendor pom organization name PostgreSQL Global Development Group High Vendor Manifest bundle-symbolicname org.postgresql.jdbc42 Medium Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom groupid postgresql Highest Vendor pom parent-groupid org.postgresql Medium Vendor gradle groupid org.postgresql Highest Vendor jar package name jdbc Highest Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory" Low Vendor pom url pgjdbc/pgjdbc Highest Vendor file name postgresql High Vendor pom parent-artifactid pgjdbc-core-parent Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor jar package name core Highest Product Manifest Bundle-Name PostgreSQL JDBC Driver JDBC42 Medium Product Manifest bundle-copyright Copyright (c) 2003-2015, PostgreSQL Global Development Group Low Product pom organization url https://jdbc.postgresql.org/ Low Product pom organization name PostgreSQL Global Development Group Low Product jar package name version Highest Product pom name PostgreSQL JDBC Driver - JDBC 4.2 High Product jar package name osgi Highest Product pom parent-artifactid pgjdbc-core-parent Medium Product file name postgresql High Product Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Product pom groupid postgresql Low Product pom url pgjdbc/pgjdbc High Product jar package name postgresql Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product jar package name driver Highest Product pom parent-groupid org.postgresql Low Product gradle artifactid postgresql Highest Product pom artifactid postgresql Highest Product Manifest bundle-symbolicname org.postgresql.jdbc42 Medium Product jar package name jdbc Highest Product Manifest Implementation-Title PostgreSQL JDBC Driver - JDBC 4.2 High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory" Low Product Manifest specification-title JDBC Medium Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product jar package name core Highest Version pom version 42.2.8 Highest Version gradle version 42.2.8 Highest Version file version 42.2.8 Highest Version pom parent-version 42.2.8 Low Version Manifest Bundle-Version 42.2.8 High Version Manifest Implementation-Version 42.2.8 High
snakeyaml-1.25.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.25/8b6e01ef661d8378ae6dd7b511a7f2a33fae1421/snakeyaml-1.25.jar
MD5: 6f7d5b8f596047aae07a3bf6f23a0bf2
SHA1: 8b6e01ef661d8378ae6dd7b511a7f2a33fae1421
SHA256: b50ef33187e7dc922b26dbe4dd0fdb3a9cf349e75a08b95269901548eee546eb
Referenced In Projects/Scopes: spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid yaml Highest Vendor pom url http://www.snakeyaml.org Highest Vendor file name snakeyaml High Vendor jar package name parser Highest Vendor gradle groupid org.yaml Highest Vendor jar package name yaml Highest Vendor Manifest automatic-module-name org.yaml.snakeyaml Medium Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor jar package name snakeyaml Highest Vendor jar package name emitter Highest Vendor pom artifactid snakeyaml Low Vendor pom name SnakeYAML High Product gradle artifactid snakeyaml Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid yaml Low Product file name snakeyaml High Product jar package name parser Highest Product jar package name yaml Highest Product Manifest automatic-module-name org.yaml.snakeyaml Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product jar package name snakeyaml Highest Product Manifest Bundle-Name SnakeYAML Medium Product pom url http://www.snakeyaml.org Medium Product jar package name emitter Highest Product pom name SnakeYAML High Product pom artifactid snakeyaml Highest Version gradle version 1.25 Highest Version pom version 1.25 Highest Version file version 1.25 Highest
postgresql-42.2.8.jar (shaded: com.ongres.scram:client:2.1)File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.scram/client/pom.xmlMD5: d44ba6611fd087ee5a71d35b7d43fc69SHA1: e16fb7eb05c6aa8f57c9537984945ca977725f25SHA256: 505139adab5a5996a1ebe7d1bba3f64464da03eced9536ee3d0d1e20a6e1c9c1Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.ongres.scram Medium Vendor pom parent-artifactid parent Low Vendor pom artifactid client Low Vendor pom groupid ongres.scram Highest Vendor pom name SCRAM - client High Product pom parent-artifactid parent Medium Product pom parent-groupid com.ongres.scram Low Product pom artifactid client Highest Product pom name SCRAM - client High Product pom groupid ongres.scram Low Version pom version 2.1 Highest
postgresql-42.2.8.jar (shaded: com.ongres.scram:common:2.1)File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.scram/common/pom.xmlMD5: d9fc000bf8e0c6065fa6d8a6496c5dd9SHA1: 7f04a8f7ef939145a08b4ff4e2bda9072930b9faSHA256: 548cef1a8224ad8e6bb1c43ece93876318d6d6eee061281e2313a153167b9a50Referenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.ongres.scram Medium Vendor pom parent-artifactid parent Low Vendor pom groupid ongres.scram Highest Vendor pom artifactid common Low Vendor pom name SCRAM - common High Product pom parent-artifactid parent Medium Product pom parent-groupid com.ongres.scram Low Product pom groupid ongres.scram Low Product pom artifactid common Highest Product pom name SCRAM - common High Version pom version 2.1 Highest
postgresql-42.2.8.jar (shaded: com.ongres.stringprep:saslprep:1.1)File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.stringprep/saslprep/pom.xmlMD5: a5b7df676b0475feb21ddc97db19ca85SHA1: 9e6e646a4ef8a03984c527f03b83b428423ea193SHA256: c2bc2501a0e0e58d8a406a8a28d0992c525f1cb62cb32e4cc65764920066222aReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-artifactid parent Low Vendor pom artifactid saslprep Low Vendor pom groupid ongres.stringprep Highest Vendor pom parent-groupid com.ongres.stringprep Medium Product pom parent-artifactid parent Medium Product pom artifactid saslprep Highest Product pom parent-groupid com.ongres.stringprep Low Product pom groupid ongres.stringprep Low Version pom version 1.1 Highest
postgresql-42.2.8.jar (shaded: com.ongres.stringprep:stringprep:1.1)File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.stringprep/stringprep/pom.xmlMD5: ab9b0c129a755f957339d7cdc4114ef8SHA1: 7c137f886ac3a0bf416a0b989727ad940c96fac6SHA256: 5f39c886ea463198bccb7e8db48f9f53055f67d917adc0f5c8e299ed1bd1002dReferenced In Projects/Scopes:
spring-security-saml-login:default spring-security-saml-login:runtimeClasspath Evidence Type Source Name Value Confidence Vendor pom parent-artifactid parent Low Vendor pom groupid ongres.stringprep Highest Vendor pom parent-groupid com.ongres.stringprep Medium Vendor pom artifactid stringprep Low Product pom parent-artifactid parent Medium Product pom parent-groupid com.ongres.stringprep Low Product pom artifactid stringprep Highest Product pom groupid ongres.stringprep Low Version pom version 1.1 Highest