Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: root project 'spring-security-saml-login'

com.example:spring-security-saml-login:0.0.1-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
spring-security-saml2-service-provider-5.3.0.BUILD-SNAPSHOT.jarcpe:2.3:a:pivotal_software:spring_security:5.3.0:*:*:*:*:*:*:*HIGH1Highest20
spring-boot-starter-security-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-security@2.2.2.RELEASE 014
spring-boot-starter-web-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.2.RELEASE 014
opensaml-2.6.4.jarcpe:2.3:a:shibboleth:opensaml:2.6.4:*:*:*:*:*:*:*pkg:maven/org.opensaml/opensaml@2.6.4MEDIUM1Highest39
spring-boot-starter-json-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-json@2.2.2.RELEASE 014
spring-boot-starter-validation-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-validation@2.2.2.RELEASE 014
spring-boot-starter-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter@2.2.2.RELEASE 014
spring-security-config-5.2.1.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:5.2.1:*:*:*:*:*:*:*pkg:maven/org.springframework.security/spring-security-config@5.2.1.RELEASEHIGH1Low22
spring-security-web-5.2.1.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:5.2.1:*:*:*:*:*:*:*pkg:maven/org.springframework.security/spring-security-web@5.2.1.RELEASEHIGH1Low21
spring-webmvc-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-webmvc@5.2.2.RELEASE 0Low17
spring-security-core-5.2.1.RELEASE.jarcpe:2.3:a:pivotal_software:spring_security:5.2.1:*:*:*:*:*:*:*pkg:maven/org.springframework.security/spring-security-core@5.2.1.RELEASEHIGH1Low19
spring-boot-autoconfigure-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.2.2.RELEASE 023
spring-boot-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot@2.2.2.RELEASE 019
spring-context-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-context@5.2.2.RELEASE 0Low15
spring-aop-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-aop@5.2.2.RELEASE 0Low17
spring-boot-starter-tomcat-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.2.2.RELEASE 014
spring-web-5.2.2.RELEASE.jarpkg:maven/org.springframework/spring-web@5.2.2.RELEASE 017
openws-1.5.4.jarpkg:maven/org.opensaml/openws@1.5.4 036
xmltooling-1.4.4.jarcpe:2.3:a:xmltooling_project:xmltooling:1.4.4:*:*:*:*:*:*:*pkg:maven/org.opensaml/xmltooling@1.4.4 0High30
not-yet-commons-ssl-0.3.9.jarcpe:2.3:a:not_yet_commons_ssl_project:not_yet_commons_ssl:0.3.9:*:*:*:*:*:*:*pkg:maven/ca.juliusdavies/not-yet-commons-ssl@0.3.9MEDIUM1Highest27
commons-httpclient-3.1.jarcpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*		pkg:maven/commons-httpclient/commons-httpclient@3.1 0Low21
commons-codec-1.13.jarpkg:maven/commons-codec/commons-codec@1.13 045
velocity-1.7.jarpkg:maven/org.apache.velocity/velocity@1.7 026
commons-collections-3.2.1.jarcpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.1CRITICAL3Highest38
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 038
esapi-2.0.1.jarpkg:maven/org.owasp.esapi/esapi@2.0.1MEDIUM229
joda-time-2.10.5.jarpkg:maven/joda-time/joda-time@2.10.5 041
xmlsec-1.5.7.jarcpe:2.3:a:apache:santuario_xml_security_for_java:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:1.5.7:*:*:*:*:*:*:*		pkg:maven/org.apache.santuario/xmlsec@1.5.7 0Low46
spring-boot-starter-logging-2.2.2.RELEASE.jarpkg:maven/org.springframework.boot/spring-boot-starter-logging@2.2.2.RELEASE 014
jakarta.annotation-api-1.3.5.jarpkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 035
spring-beans-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-beans@5.2.2.RELEASE 0Low19
spring-expression-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-expression@5.2.2.RELEASE 0Low19
spring-core-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_framework:5.2.2:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.2.2.RELEASE 0Low20
jackson-datatype-jdk8-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.10.1 0Highest41
jackson-datatype-jsr310-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.10.1 0Highest41
jackson-module-parameter-names-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.10.1 0Highest39
jackson-databind-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.10.1:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.1 0Highest41
tomcat-embed-websocket-9.0.29.jarcpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache_software_foundation:tomcat:9.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.29:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.29 0Highest36
tomcat-embed-core-9.0.29.jarcpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache_software_foundation:tomcat:9.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.29:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29 0Highest33
tomcat-embed-el-9.0.29.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.29 032
jakarta.validation-api-2.0.1.jarpkg:maven/jakarta.validation/jakarta.validation-api@2.0.1 025
hibernate-validator-6.0.18.Final.jarcpe:2.3:a:hibernate:hibernate-validator:6.0.18:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@6.0.18.Final 0Highest37
commons-logging-1.1.1.jarpkg:maven/commons-logging/commons-logging@1.1.1 034
logback-classic-1.2.3.jarcpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.2.3 0Highest35
log4j-to-slf4j-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.12.1 0Highest46
jul-to-slf4j-1.7.29.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.29 030
spring-jcl-5.2.2.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework/spring-jcl@5.2.2.RELEASE 0Low17
jackson-annotations-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.10.1 0Highest40
jackson-core-2.10.1.jarcpe:2.3:a:fasterxml:jackson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.10.1 0Highest47
jboss-logging-3.4.1.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.4.1.Final 047
classmate-1.5.1.jarpkg:maven/com.fasterxml/classmate@1.5.1 049
bcprov-jdk15on-1.51.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.51:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcprov-jdk15on@1.510.013Highest36
logback-core-1.2.3.jarcpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.3 0Highest35
slf4j-api-1.7.29.jarpkg:maven/org.slf4j/slf4j-api@1.7.29 031
log4j-api-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.12.1 0Highest48
postgresql-42.2.8.jarcpe:2.3:a:postgresql:postgresql:42.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8:*:*:*:*:*:*:*		pkg:maven/org.postgresql/postgresql@42.2.8 0Highest54
snakeyaml-1.25.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.25:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.25 0Highest30
postgresql-42.2.8.jar (shaded: com.ongres.scram:client:2.1)pkg:maven/com.ongres.scram/client@2.1 011
postgresql-42.2.8.jar (shaded: com.ongres.scram:common:2.1)pkg:maven/com.ongres.scram/common@2.1 011
postgresql-42.2.8.jar (shaded: com.ongres.stringprep:saslprep:1.1)pkg:maven/com.ongres.stringprep/saslprep@1.1 09
postgresql-42.2.8.jar (shaded: com.ongres.stringprep:stringprep:1.1)pkg:maven/com.ongres.stringprep/stringprep@1.1 09

Dependencies

spring-security-saml2-service-provider-5.3.0.BUILD-SNAPSHOT.jar

File Path: /Users/yito/spring-security-saml-login/libs/org/springframework/security/spring-security-saml2-service-provider/5.3.0.BUILD-SNAPSHOT/spring-security-saml2-service-provider-5.3.0.BUILD-SNAPSHOT.jar
MD5: 72147b1c623e02c269ed236a7f417019
SHA1: 74176ae5f6da5483c78f0ac8cf2023869320062c
SHA256:66655f4bbb174c5eaf65d2616e6af605f6bc993a7c3190e91372f5dc7db63870
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:runtime
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:compile
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

spring-boot-starter-security-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-security/2.2.2.RELEASE/4644039ba9ff9e74b41d92a715d7e7640ba0e7f5/spring-boot-starter-security-2.2.2.RELEASE.jar
MD5: 507e99f480548dec814fdc459b2dfe33
SHA1: 4644039ba9ff9e74b41d92a715d7e7640ba0e7f5
SHA256:02e14f254d801a662d0e83490a4e38a137775b217a8350a766cede0f7f7212bc
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-starter-web-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-web/2.2.2.RELEASE/3e15f18a4dafd499b900082f3cc25bb11ea91821/spring-boot-starter-web-2.2.2.RELEASE.jar
MD5: f574939a264f4270037579e8228f7606
SHA1: 3e15f18a4dafd499b900082f3cc25bb11ea91821
SHA256:005f7c156eb9216c2d814fe3429f89ca0307bd3a7e8c70ce2c9c456ca1279962
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

opensaml-2.6.4.jar

Description:

        The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language
        (SAML).

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/opensaml/2.6.4/de2c742b770bd58328fd05ebd9d9efc85f79d88c/opensaml-2.6.4.jar
MD5: 70e20154abc9a94e230b5679e3603e5a
SHA1: de2c742b770bd58328fd05ebd9d9efc85f79d88c
SHA256:b8297a0b783113a5e0113ee69683addf99194b3ff981c0c90b85dda492f30064
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2015-1796 (OSSINDEX)  

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.opensaml:opensaml:2.6.4:*:*:*:*:*:*:*

spring-boot-starter-json-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-json/2.2.2.RELEASE/7ef93e43938abf3064cce9b7317bdb8278060437/spring-boot-starter-json-2.2.2.RELEASE.jar
MD5: 38ea724b60ed821b3de68250063b70cc
SHA1: 7ef93e43938abf3064cce9b7317bdb8278060437
SHA256:bd393d66fe5fa969e2cc39e8f62539ab73dd6e06f1b5bec79d7f5dfd2ef260b2
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-starter-validation-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-validation/2.2.2.RELEASE/ef3ac3571ae518f22117e8bce826970b358f3cdf/spring-boot-starter-validation-2.2.2.RELEASE.jar
MD5: 29007604e0e73f74ecc893a69479c5ea
SHA1: ef3ac3571ae518f22117e8bce826970b358f3cdf
SHA256:cfaabe379dccb0ff3c1bd97a7046f956e6b65573c7a809295d5716a4863aa9d9
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-starter-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter/2.2.2.RELEASE/1f8bb1e33a900c95dc31011e0998b70929d05a68/spring-boot-starter-2.2.2.RELEASE.jar
MD5: 2871f29bf58317e77907f49c9913b82c
SHA1: 1f8bb1e33a900c95dc31011e0998b70929d05a68
SHA256:1a42d8e35c2f00b7ce751e8a6e11a059a58176c5a97ba76a11673485d7e16812
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-security-config-5.2.1.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-config/5.2.1.RELEASE/8f49e12035d0357b5f35e254334ea06d4585cf01/spring-security-config-5.2.1.RELEASE.jar
MD5: cf21988164811c34c25c5d512d6d34e2
SHA1: 8f49e12035d0357b5f35e254334ea06d4585cf01
SHA256:83478f549c82c1ba9b3aa7f042e19c43b05cce6dbc0084755003b53b79ee8be7
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

spring-security-web-5.2.1.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-web/5.2.1.RELEASE/9e43c2d8d2dffc60bfba8ac95a106d30e9593106/spring-security-web-5.2.1.RELEASE.jar
MD5: f771efbaf1e50b4def5f3e019df021be
SHA1: 9e43c2d8d2dffc60bfba8ac95a106d30e9593106
SHA256:816e4fa4dce2e782b1e5eee5fd6d8ae75290ca92b894b5c504bda25a111a26b9
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

spring-webmvc-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-webmvc/5.2.2.RELEASE/a0e9e88a296c09850f92318872f4dee9f62c8c13/spring-webmvc-5.2.2.RELEASE.jar
MD5: ac88114f687d16d181769ad5d1a49ff0
SHA1: a0e9e88a296c09850f92318872f4dee9f62c8c13
SHA256:e3da078986c603697551349f84c062c0322d7a564a2f4cddf8fcf324ebbd6a08
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-security-core-5.2.1.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-core/5.2.1.RELEASE/f1265ecdd4636a2038768c2ab9da4b79961a3465/spring-security-core-5.2.1.RELEASE.jar
MD5: 8dad6a85f53ab899d210ed36994528de
SHA1: f1265ecdd4636a2038768c2ab9da4b79961a3465
SHA256:97e138c645df205b15e044a2e7fe6ebad0b5ce5ff9d9d4aacc689bd1ce828c77
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

spring-boot-autoconfigure-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-autoconfigure/2.2.2.RELEASE/2e7876e237097d36bfffd5ce3416930f6d6b579c/spring-boot-autoconfigure-2.2.2.RELEASE.jar
MD5: dd29905d16e949abb5c2218249f7664f
SHA1: 2e7876e237097d36bfffd5ce3416930f6d6b579c
SHA256:4a7c5e6a0c58f329aeedda17f2c2b6b750d9c77c3300b03d807f750818f7a2c5
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot/2.2.2.RELEASE/cc636f24a5ebbfb21f1c8c30ed9c3b13512c16ec/spring-boot-2.2.2.RELEASE.jar
MD5: 92d78e26ff34c5b508f82fda173e3b17
SHA1: cc636f24a5ebbfb21f1c8c30ed9c3b13512c16ec
SHA256:17c61775a96aa2e3b0e9da79ee194f60828c45678f161a68e32e8b60e2d7009a
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-context-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-context/5.2.2.RELEASE/a77a18fa425eba9c55447fa0711e2dbfbf71907b/spring-context-5.2.2.RELEASE.jar
MD5: 6e8cd67b25cd9796d4b193cbddf24261
SHA1: a77a18fa425eba9c55447fa0711e2dbfbf71907b
SHA256:bb9ed510c61e44b4d39b4e27eb6dfa1737914ee10e4d915a9d757114dbd01fd0
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-aop-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-aop/5.2.2.RELEASE/899739cf7f338f6297aa9eb25ea8b16338fe4e6d/spring-aop-5.2.2.RELEASE.jar
MD5: 312eecf5bee066739670e2648e5d3cd9
SHA1: 899739cf7f338f6297aa9eb25ea8b16338fe4e6d
SHA256:fdd91ca946d7e8afd33edbdab99fe04cb5a62988fc6d95d60fdf1444b48b9c21
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-starter-tomcat-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-tomcat/2.2.2.RELEASE/cd343e40e4de11f78d6d70f3f35f4ca93ea9de9f/spring-boot-starter-tomcat-2.2.2.RELEASE.jar
MD5: d30abc7e924870caef0262b07ac62228
SHA1: cd343e40e4de11f78d6d70f3f35f4ca93ea9de9f
SHA256:6d87066a8dae2a8d48efd7a781843bb0e53ac010ff113bbdfaac2df9d771a086
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-web-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-web/5.2.2.RELEASE/d9b0a8079b7d604f134e3054127a7aeba65949a5/spring-web-5.2.2.RELEASE.jar
MD5: 8c1caecd2cd2a8e8c116f44d862e1daa
SHA1: d9b0a8079b7d604f134e3054127a7aeba65949a5
SHA256:b99203146edecf0c28d0c930f91526e1237cd4048ad5022cabaeab5ac4e4bb83
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

openws-1.5.4.jar

Description:

        The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include
        classes for creating and reading SOAP messages, transport-independent clients for connecting to web services,
        and various transports for use with those clients.

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/openws/1.5.4/942bd987e5956fcdf1eaa56cde87112ea871d0e8/openws-1.5.4.jar
MD5: 5b5f0fbe27277f2d119d4c4feab48a12
SHA1: 942bd987e5956fcdf1eaa56cde87112ea871d0e8
SHA256:6bb7ed759c3c5318ee44cfe1cf483a91e31688df78b9501fcebd05dca559df76
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

xmltooling-1.4.4.jar

Description:

XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.opensaml/xmltooling/1.4.4/8cf44998d4b9cca5f9eeb47cc95d95cea9f86714/xmltooling-1.4.4.jar
MD5: 03e3929084aabe1b2a91a191a6932a57
SHA1: 8cf44998d4b9cca5f9eeb47cc95d95cea9f86714
SHA256:b2fb3f2b0c0c62b3aae6d83ccc127b972a0fd64b494fb435fdb4bbbaf329ddbd
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

not-yet-commons-ssl-0.3.9.jar

Description:

A Java SSL component library

License:

Apache License v2: http://juliusdavies.ca/commons-ssl/LICENSE.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ca.juliusdavies/not-yet-commons-ssl/0.3.9/e20f0960c000681c91d00de846a43cf2051b8f69/not-yet-commons-ssl-0.3.9.jar
MD5: 478a6177330a0098435828a8409f49c1
SHA1: e20f0960c000681c91d00de846a43cf2051b8f69
SHA256:198100753dbc631c97a8e86422c12630a0c3d89d06b33313a3c2550af651c174
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2014-3604  

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

commons-httpclient-3.1.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-httpclient/commons-httpclient/3.1/964cd74171f427720480efdec40a7c7f6e58426a/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256:dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

commons-codec-1.13.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.13/3f18e1aa31031d89db6f01ba05d501258ce69d2c/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256:61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

velocity-1.7.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.velocity/velocity/1.7/2ceb567b8f3f21118ecdec129fe1271dbc09aa7a/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

commons-collections-3.2.1.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-collections/commons-collections/3.2.1/761ea405b9b37ced573d2df0d1e3a4e0f9edc668/commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
SHA256:87363a4c94eaabeefd8b930cb059f66b64c9f7d632862f23de3012da7660047b
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2015-6420  

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-15708  

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

Remote code execution (OSSINDEX)  

> It was found that a flaw in commons-collection library allowed remote code execution wherever deserialization occurs. While JBoss doesnt expose the JMXInvokerServlet by default, other interfaces where deserialization occur might be vulnerable.
> 
> -- [redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=1279330)
Unscored:
  • Severity: 0.0

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:commons-collections:commons-collections:3.2.1:*:*:*:*:*:*:*

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-lang/commons-lang/2.6/ce1edb914c94ebc388f086c6827e8bdeec71ac2/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

esapi-2.0.1.jar

Description:

The Enterprise Security API (ESAPI) project is an OWASP project
        to create simple strong security controls for every web platform.
        Security controls are not simple to build. You can read about the
        hundreds of pitfalls for unwary developers on the OWASP website. By
        providing developers with a set of strong controls, we aim to
        eliminate some of the complexity of creating secure web applications.
        This can result in significant cost savings across the SDLC.

License:

BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.owasp.esapi/esapi/2.0.1/2ea3b87c948dbc0c77a17fe24fda961ecc38c6f2/esapi-2.0.1.jar
MD5: 90c61b27a98c1e0940381b47efe93852
SHA1: 2ea3b87c948dbc0c77a17fe24fda961ecc38c6f2
SHA256:337ce7afc69ebed3851ba512060615e77ad488252cab210803b1e129da506302
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2013-5679 (OSSINDEX)  

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:L/AC:H/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.owasp.esapi:esapi:2.0.1:*:*:*:*:*:*:*

CVE-2013-5960 (OSSINDEX)  

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.owasp.esapi:esapi:2.0.1:*:*:*:*:*:*:*

joda-time-2.10.5.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/joda-time/joda-time/2.10.5/7f1d89817cd20a32444d5ab4160f035ab9b864e7/joda-time-2.10.5.jar
MD5: a64a54718846cf874324c0967f74e57e
SHA1: 7f1d89817cd20a32444d5ab4160f035ab9b864e7
SHA256:4ee73e7ff8e2df0d4e3408cf1a1527a59f265dd9fb43fb9b2eb818d87f93759e
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

xmlsec-1.5.7.jar

Description:

        Apache XML Security for Java supports XML-Signature Syntax and Processing,
        W3C Recommendation 12 February 2002, and XML Encryption Syntax and
        Processing, W3C Recommendation 10 December 2002. As of version 1.4,
        the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.santuario/xmlsec/1.5.7/89f0e0cd84243a9e48253dcbf8a360e5bdba2de/xmlsec-1.5.7.jar
MD5: 6581ee28bca500739d14eb8119ff3a40
SHA1: 089f0e0cd84243a9e48253dcbf8a360e5bdba2de
SHA256:392617e40d961d3910a924d7d4ee893912e860a4d55e8f2b0e18cd4cc60b243f
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-boot-starter-logging-2.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-logging/2.2.2.RELEASE/dd6b1771f1b3288b332cd41705aadcb2aebda221/spring-boot-starter-logging-2.2.2.RELEASE.jar
MD5: 29bc9ee23dd7ce947c40dc8887f72369
SHA1: dd6b1771f1b3288b332cd41705aadcb2aebda221
SHA256:0735cdc388c6cad4e19596f9b110addf87c75fe908115fc12566c0df53dd69cd
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/jakarta.annotation/jakarta.annotation-api/1.3.5/59eb84ee0d616332ff44aba065f3888cf002cd2d/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-beans-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-beans/5.2.2.RELEASE/81e4d9cc2e8fac88ab4eb7325c4521bd07c6389c/spring-beans-5.2.2.RELEASE.jar
MD5: a9d90d08943a10cb063ca121b228b3c4
SHA1: 81e4d9cc2e8fac88ab4eb7325c4521bd07c6389c
SHA256:58f16fa6718d9e2a456036b681b68dc38802c0da6c90feaf1e63a160b3b74cac
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-expression-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-expression/5.2.2.RELEASE/eb93bc4d4eb8e0bee60ea910e0fd615869336643/spring-expression-5.2.2.RELEASE.jar
MD5: 2beb78ccde56444dd683d7ddeb23a949
SHA1: eb93bc4d4eb8e0bee60ea910e0fd615869336643
SHA256:8e7c7de72ca95ee5c4adeb5d07f37f20e5607e2ef606c34a244ea8f94f5bbe33
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-core-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.2.2.RELEASE/bfcf2f6d0494d89db63ae170b8491223c93a88dc/spring-core-5.2.2.RELEASE.jar
MD5: af31f2ae937e45b71fa038cc0c010019
SHA1: bfcf2f6d0494d89db63ae170b8491223c93a88dc
SHA256:94459936895f669c8bdd794be79850b73a9b980cc01a4aec88f373f150002b70
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-datatype-jdk8-2.10.1.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support
JDK 8 data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.10.1/db9247b3eb6f07520ff6ff6d1070439edd6803c3/jackson-datatype-jdk8-2.10.1.jar
MD5: 5ed821ec4bb9f16056a74c228f5a0788
SHA1: db9247b3eb6f07520ff6ff6d1070439edd6803c3
SHA256:05c45b1441e74ea5e4b0c7a20823d2c7cfded946108902b5691a129e78f60515
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-datatype-jsr310-2.10.1.jar

Description:

Add-on module to support JSR-310 (Java 8 Date & Time API) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.10.1/52ee272b0181a1c0df5c931235c494b1e0e022d0/jackson-datatype-jsr310-2.10.1.jar
MD5: f84efaf51bbfc3c8a783168dcb24c99a
SHA1: 52ee272b0181a1c0df5c931235c494b1e0e022d0
SHA256:5e7d0363068e3d42ac7f6234c88ade8867174009866e6f00f496edb5b295b56f
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-module-parameter-names-2.10.1.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support
introspection of method/constructor parameter names, without having to add explicit property name annotation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.module/jackson-module-parameter-names/2.10.1/6643b48d7dab2fb8c874526bea13ce4cd1a76cb9/jackson-module-parameter-names-2.10.1.jar
MD5: 423bbff0e614dd71733ac716416cf4d8
SHA1: 6643b48d7dab2fb8c874526bea13ce4cd1a76cb9
SHA256:e8083b8aef3704fd8a1032454d1d80ad5e250a678fbb3bc8ac89c0f0567badf3
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-databind-2.10.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.10.1/18eee15ffc662d27538d5b6ee84e4c92c0a9d03e/jackson-databind-2.10.1.jar
MD5: 5be002ede268ddc0a2ea1b9bc5baceb8
SHA1: 18eee15ffc662d27538d5b6ee84e4c92c0a9d03e
SHA256:2d23f47001492233565adf5a34f225f2ae89564cee08024873ec36b7842ede46
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

tomcat-embed-websocket-9.0.29.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-websocket/9.0.29/57a550a531648dd665444f11d45c352a6978c7b6/tomcat-embed-websocket-9.0.29.jar
MD5: 08da7687d4b7a04162cce01f9c0cef42
SHA1: 57a550a531648dd665444f11d45c352a6978c7b6
SHA256:e7b5626f690706c4bc38886407d0d0eb0626a95245ba6f397b3868ca194e8525
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

tomcat-embed-core-9.0.29.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/9.0.29/207dc9ca4215853d96ed695862f9873001f02a4b/tomcat-embed-core-9.0.29.jar
MD5: 44be753971eba479c2b05683f570c1d2
SHA1: 207dc9ca4215853d96ed695862f9873001f02a4b
SHA256:eacbae5a6436e47fdcbd4e961df20bdc53a50e325ff8739b412578c0429d70ee
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

tomcat-embed-el-9.0.29.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-el/9.0.29/3c1186083cb613c18949ffac21d856ecf8cdfd13/tomcat-embed-el-9.0.29.jar
MD5: 1d8c3ae258beaf968a6611709bfff2d8
SHA1: 3c1186083cb613c18949ffac21d856ecf8cdfd13
SHA256:4957e123d0521c624315c3bf3b2385b9dc1e704eb46b65a3c01e58f3d40cf262
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jakarta.validation-api-2.0.1.jar

Description:

        Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/jakarta.validation/jakarta.validation-api/2.0.1/5a864a58587cd76243b8ec55dd7115c9eac25c08/jakarta.validation-api-2.0.1.jar
MD5: 14e2c4707c5a54d143f99406a7c385d0
SHA1: 5a864a58587cd76243b8ec55dd7115c9eac25c08
SHA256:cbd4097d66194f4793c59d8d145915313717caebb8bd3590ae6f716eadc8d351
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

hibernate-validator-6.0.18.Final.jar

Description:

Hibernate's Bean Validation (JSR-380) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.hibernate.validator/hibernate-validator/6.0.18.Final/7fd00bcd87e14b6ba66279282ef15efa30dd2492/hibernate-validator-6.0.18.Final.jar
MD5: d3eeb4f1bf013d939b86dfc34b0c6a5d
SHA1: 7fd00bcd87e14b6ba66279282ef15efa30dd2492
SHA256:79fb11445bc48e1ea6fb259e825d58b3c9a5fa2b7e3c9527e41e4aeda82de907
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

commons-logging-1.1.1.jar

Description:

Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/commons-logging/commons-logging/1.1.1/5043bfebc3db072ed80fbd362e7caf00e885d8ae/commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae
SHA256:ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

logback-classic-1.2.3.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.2.3/7c4f3c474fb2c041d8028740440937705ebb473a/logback-classic-1.2.3.jar
MD5: 64f7a68f931aed8e5ad8243470440f0b
SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a
SHA256:fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

log4j-to-slf4j-2.12.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.logging.log4j/log4j-to-slf4j/2.12.1/dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a/log4j-to-slf4j-2.12.1.jar
MD5: a6fdf03c03b6f5fac5a978031a06777e
SHA1: dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a
SHA256:69d4aa504294033ea0d1236aabe81ed3f6393b6eb42e61899b197a51a3df73e9
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jul-to-slf4j-1.7.29.jar

Description:

JUL to SLF4J bridge

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.slf4j/jul-to-slf4j/1.7.29/f58dd9d8c15a1141a48de53d2d6b723ae6cf18d6/jul-to-slf4j-1.7.29.jar
MD5: e98450d2de8fb9ffe4fe2f4994462fe1
SHA1: f58dd9d8c15a1141a48de53d2d6b723ae6cf18d6
SHA256:ac6f86a0afe572c505c88bfd8a79e86b3508926d8cca14533fbda8cb83634a26
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

spring-jcl-5.2.2.RELEASE.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.springframework/spring-jcl/5.2.2.RELEASE/35efd564bf664c0bf53bd336b583391a7f872da7/spring-jcl-5.2.2.RELEASE.jar
MD5: eaccb423ee1c9f3cf57f1715393147e5
SHA1: 35efd564bf664c0bf53bd336b583391a7f872da7
SHA256:db6ec0aa5330ab84a78933fd2c27db83581e3f0adbc1a562013c8647b3935dbd
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-annotations-2.10.1.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-annotations/2.10.1/54d72475c0d6819f2d0e9a09d25c3ed876a4972f/jackson-annotations-2.10.1.jar
MD5: 49683a3cf8e92c00c24262e8fac64ee5
SHA1: 54d72475c0d6819f2d0e9a09d25c3ed876a4972f
SHA256:673f8ae16becea4fa937404b3a851417faf42df3bbc592028bbe2bfe0cc9d8cb
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jackson-core-2.10.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.10.1/2c8b5e26ba40e5f91eb37a24075a2028b402c5f9/jackson-core-2.10.1.jar
MD5: 5bc20efba282bb641e3b42de153e45bc
SHA1: 2c8b5e26ba40e5f91eb37a24075a2028b402c5f9
SHA256:79bffbdcd349f69a5ac252e2b4096131704386af4fa14d95395ea9a0e423cf33
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

jboss-logging-3.4.1.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.jboss.logging/jboss-logging/3.4.1.Final/40fd4d696c55793e996d1ff3c475833f836c2498/jboss-logging-3.4.1.Final.jar
MD5: 52ee373b84e39570c78c0815006375bc
SHA1: 40fd4d696c55793e996d1ff3c475833f836c2498
SHA256:8efe877d93e5e1057a1388b2950503b88b0c28447364fde08adbec61e524eeb8
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/com.fasterxml/classmate/1.5.1/3fe0bed568c62df5e89f4f174c101eab25345b6c/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

bcprov-jdk15on-1.51.jar

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.51/9ab8afcc2842d5ef06eb775a0a2b12783b99aa80/bcprov-jdk15on-1.51.jar
MD5: b202b2dde200e0d1b714f6e867e29ee4
SHA1: 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
SHA256:8748f0ec73895f7f18c1a9c13cf754fddddf0451cf472463ef02f93c3e7a7de7
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

CVE-2015-6644 (OSSINDEX)  

> An information disclosure vulnerability in Bouncy Castle could enable a local malicious application to gain access to user?s private information
> 
> -- [source.android.com](https://source.android.com/security/bulletin/2016-01-01#information_disclosure_vulnerability_in_bouncy_castle)
Unscored:
  • Severity: 0.0

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.51:*:*:*:*:*:*:*

CVE-2016-1000338  

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000339  

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000340  

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
CWE-19 Data Processing Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000341  

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
CWE-361 7PK - Time and State

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000342  

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000343  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000344  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000345  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
CWE-361 7PK - Time and State

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000346  

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
CWE-320 Key Management Errors

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000352  

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2017-13098  

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
CWE-203 Information Exposure Through Discrepancy

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1000613  

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.2.3/864344400c3d4d92dfeb0a305dc87d953677c03c/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

slf4j-api-1.7.29.jar

Description:

The slf4j API

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-api/1.7.29/e56bf4473a4c6b71c7dd397a833dce86d1993d9d/slf4j-api-1.7.29.jar
MD5: 75191c97f2d6ef4f990cbb4b2e56a46b
SHA1: e56bf4473a4c6b71c7dd397a833dce86d1993d9d
SHA256:47b624903c712f9118330ad2fb91d0780f7f666c3f22919d0fc14522c5cad9ea
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

log4j-api-2.12.1.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.apache.logging.log4j/log4j-api/2.12.1/a55e6d987f50a515c9260b0451b4fa217dc539cb/log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256:429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:compileClasspath
  • spring-security-saml-login:runtimeClasspath

Identifiers

postgresql-42.2.8.jar

Description:

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar
MD5: e6dcc1898639407bf530b7a34e870b55
SHA1: 6f394c7df5600d11b221f356ff020440d2ece44f
SHA256:7fb81e74f5c25a5c40a997d9b83333fdd3b5d63a0b3d61cba6d562c7e3a7f3f6
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers

snakeyaml-1.25.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.25/8b6e01ef661d8378ae6dd7b511a7f2a33fae1421/snakeyaml-1.25.jar
MD5: 6f7d5b8f596047aae07a3bf6f23a0bf2
SHA1: 8b6e01ef661d8378ae6dd7b511a7f2a33fae1421
SHA256:b50ef33187e7dc922b26dbe4dd0fdb3a9cf349e75a08b95269901548eee546eb
Referenced In Projects/Scopes:
  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers

postgresql-42.2.8.jar (shaded: com.ongres.scram:client:2.1)

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.scram/client/pom.xml
MD5: d44ba6611fd087ee5a71d35b7d43fc69
SHA1: e16fb7eb05c6aa8f57c9537984945ca977725f25
SHA256:505139adab5a5996a1ebe7d1bba3f64464da03eced9536ee3d0d1e20a6e1c9c1
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers

postgresql-42.2.8.jar (shaded: com.ongres.scram:common:2.1)

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.scram/common/pom.xml
MD5: d9fc000bf8e0c6065fa6d8a6496c5dd9
SHA1: 7f04a8f7ef939145a08b4ff4e2bda9072930b9fa
SHA256:548cef1a8224ad8e6bb1c43ece93876318d6d6eee061281e2313a153167b9a50
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers

postgresql-42.2.8.jar (shaded: com.ongres.stringprep:saslprep:1.1)

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.stringprep/saslprep/pom.xml
MD5: a5b7df676b0475feb21ddc97db19ca85
SHA1: 9e6e646a4ef8a03984c527f03b83b428423ea193
SHA256:c2bc2501a0e0e58d8a406a8a28d0992c525f1cb62cb32e4cc65764920066222a
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers

postgresql-42.2.8.jar (shaded: com.ongres.stringprep:stringprep:1.1)

File Path: /Users/yito/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.8/6f394c7df5600d11b221f356ff020440d2ece44f/postgresql-42.2.8.jar/META-INF/maven/com.ongres.stringprep/stringprep/pom.xml
MD5: ab9b0c129a755f957339d7cdc4114ef8
SHA1: 7c137f886ac3a0bf416a0b989727ad940c96fac6
SHA256:5f39c886ea463198bccb7e8db48f9f53055f67d917adc0f5c8e299ed1bd1002d
Referenced In Projects/Scopes:

  • spring-security-saml-login:default
  • spring-security-saml-login:runtimeClasspath

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.