Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Waarp Password Management GUI and Console

Waarp:WaarpPassword:3.6.2-jre8

Summary

Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count
--- | --- | --- | --- | --- | --- | ---
checker-qual-3.12.0.jar | | pkg:maven/org.checkerframework/checker-qual@3.12.0 | | 0 | | 48
commons-beanutils-1.9.4.jar | cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:* | pkg:maven/commons-beanutils/commons-beanutils@1.9.4 | | 0 | Highest | 170
commons-collections-3.2.2.jar | cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* | pkg:maven/commons-collections/commons-collections@3.2.2 | | 0 | Highest | 86
commons-collections4-4.4.jar | cpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-collections4@4.4 | | 0 | Highest | 107
commons-compress-1.21.jar | cpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-compress@1.21 | | 0 | Highest | 107
commons-daemon-1.3.1.jar | cpe:2.3:a:apache:apache_commons_daemon:1.3.1:*:*:*:*:*:*:* | pkg:maven/commons-daemon/commons-daemon@1.3.1 | | 0 | Low | 80
commons-dbcp-1.4.jar | | pkg:maven/commons-dbcp/commons-dbcp@1.4 | | 0 | | 96
commons-dbcp2-2.9.0.jar | | pkg:maven/org.apache.commons/commons-dbcp2@2.9.0 | | 0 | | 112
commons-io-2.11.0.jar | cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:* | pkg:maven/commons-io/commons-io@2.11.0 | | 0 | Highest | 125
commons-logging-1.2.jar | | pkg:maven/commons-logging/commons-logging@1.2 | | 0 | | 117
commons-pool-1.6.jar | | pkg:maven/commons-pool/commons-pool@1.6 | | 0 | | 75
commons-pool2-2.11.1.jar | | pkg:maven/org.apache.commons/commons-pool2@2.11.1 | | 0 | | 92
dom4j-2.1.3.jar | cpe:2.3:a:dom4j_project:dom4j:2.1.3:*:*:*:*:*:*:* | pkg:maven/org.dom4j/dom4j@2.1.3 | | 0 | Highest | 20
error_prone_annotations-2.11.0.jar | | pkg:maven/com.google.errorprone/error_prone_annotations@2.11.0 | | 0 | | 23
failureaccess-1.0.1.jar | | pkg:maven/com.google.guava/failureaccess@1.0.1 | | 0 | | 30
guava-31.1-jre.jar | cpe:2.3:a:google:guava:31.1:*:*:*:*:*:*:* | pkg:maven/com.google.guava/guava@31.1-jre | | 0 | Highest | 27
h2-1.4.200.jar | cpe:2.3:a:h2database:h2:1.4.200:*:*:*:*:*:*:* | pkg:maven/com.h2database/h2@1.4.200 | CRITICAL | 3 | Highest | 44
h2-1.4.200.jar: data.zip: table.js | | | | 0 | | 0
h2-1.4.200.jar: data.zip: tree.js | | | | 0 | | 0
j2objc-annotations-1.3.jar | | pkg:maven/com.google.j2objc/j2objc-annotations@1.3 | | 0 | | 24
jackson-core-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.3 | | 0 | Low | 51
jackson-databind-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-databind:2.13.3:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3 | | 0 | Highest | 45
jackson-dataformat-smile-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-smile@2.13.3 | | 0 | Low | 43
javax.ws.rs-api-2.1.1.jar | cpe:2.3:a:eclipse:eclipse_ide:2.1.1:*:*:*:*:*:*:* | pkg:maven/javax.ws.rs/javax.ws.rs-api@2.1.1 | MEDIUM | 2 | Highest | 44
jaxen-1.2.0.jar | | pkg:maven/jaxen/jaxen@1.2.0 | | 0 | | 117
jcl-over-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/jcl-over-slf4j@1.7.36 | | 0 | | 33
joda-time-2.10.14.jar | cpe:2.3:a:time_project:time:2.10.14:*:*:*:*:*:*:* | pkg:maven/joda-time/joda-time@2.10.14 | | 0 | Highest | 47
jsr305-3.0.2.jar | | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | | 0 | | 17
jul-to-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/jul-to-slf4j@1.7.36 | | 0 | | 28
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | | pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava | | 0 | | 13
log4j-core-2.18.0.jar | cpe:2.3:a:apache:log4j:2.18.0:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0 | | 0 | Highest | 50
log4j-over-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/log4j-over-slf4j@1.7.36 | | 0 | | 29
log4j-to-slf4j-2.18.0.jar | | pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.18.0 | | 0 | | 46
logback-core-1.2.11.jar | cpe:2.3:a:qos:logback:1.2.11:*:*:*:*:*:*:* | pkg:maven/ch.qos.logback/logback-core@1.2.11 | | 0 | Highest | 35
mariadb-java-client-3.0.6.jar | cpe:2.3:a:mariadb:mariadb:3.0.6:*:*:*:*:*:*:* | pkg:maven/org.mariadb.jdbc/mariadb-java-client@3.0.6 | HIGH | 14 | Highest | 47
mysql-connector-java-8.0.20.jar | cpe:2.3:a:mysql:mysql:8.0.20:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_connector\/j:8.0.20:*:*:*:*:*:*:* | pkg:maven/mysql/mysql-connector-java@8.0.20 | MEDIUM | 2 | Highest | 44
netty-common-4.1.78.Final.jar (shaded: org.jctools:jctools-core:3.1.0) | | pkg:maven/org.jctools/jctools-core@3.1.0 | | 0 | | 9
netty-http-java6-1.5.0.jar | | pkg:maven/Waarp/netty-http-java6@1.5.0 | | 0 | | 30
netty-tcnative-classes-2.0.53.Final.jar | cpe:2.3:a:openssl:openssl:2.0.53:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-tcnative-classes@2.0.53.Final | | 0 | Low | 36
netty-transport-4.1.78.Final.jar | cpe:2.3:a:netty:netty:4.1.78:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-transport@4.1.78.Final | | 0 | Highest | 32
postgresql-42.4.0.jar | cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.4.0:*:*:*:*:*:*:* | pkg:maven/org.postgresql/postgresql@42.4.0 | | 0 | Low | 71
protobuf-java-3.6.1.jar | cpe:2.3:a:google:protobuf-java:3.6.1:*:*:*:*:*:*:* | pkg:maven/com.google.protobuf/protobuf-java@3.6.1 | MEDIUM | 1 | Highest | 25
slf4j-api-1.7.36.jar | | pkg:maven/org.slf4j/slf4j-api@1.7.36 | | 0 | | 29
xercesImpl-2.12.2.jar | cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:* | pkg:maven/xerces/xercesImpl@2.12.2 | MEDIUM | 1 | Low | 83
zjsonpatch-0.4.12.jar | | pkg:maven/com.flipkart.zjsonpatch/zjsonpatch@0.4.12 | | 0 | | 26

Dependencies

checker-qual-3.12.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/frederic/.m2/repository/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
MD5: ab1ae0e2f2f63601597a5a96fca8a54f
SHA1: d5692f0526415fcc6de94bb5bfbd3afd9dd3b3e5
SHA256:ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-compress-1.21.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar
MD5: 2a713d10331bc4e13459a3dc0463f16f
SHA1: 4ec95b60d4e86b5c95a0e919cb172a0af98011ef
SHA256:6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-daemon-1.3.1.jar

Description:

    Apache Commons Daemon software is a set of utilities and Java support
    classes for running Java applications as server processes. These are
    commonly known as 'daemon' processes in Unix terminology (hence the
    name). On Windows they are called 'services'.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-daemon/commons-daemon/1.3.1/commons-daemon-1.3.1.jar
MD5: 5db8f0303a00c958ac9b007488ef9a66
SHA1: b6b9b8de9c24344f2fa99eaa4f9309b8073cb1fe
SHA256:281fbc13a45c4494bf2933030940de0b9fe6e61bb228620be5a9a7e0866b9fb4
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-dbcp-1.4.jar

Description:

Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
SHA256:a6e2d83551d0e5b59aa942359f3010d35e79365e6552ad3dbaa6776e4851e4f6
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-dbcp2-2.9.0.jar

Description:

Apache Commons DBCP software implements Database Connection Pooling

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-dbcp2/2.9.0/commons-dbcp2-2.9.0.jar
MD5: c2a72212a55d105b0eaeaab26557e6e7
SHA1: 16d808749cf3dac900c073dd834b5e288562a59c
SHA256:887720912c5cbbcdff6e0e21d5034937555f8ffc597381eff8fa77f33ce6d64e
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-pool-1.6.jar

Description:

Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256:46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

dom4j-2.1.3.jar

Description:

flexible XML framework for Java

License:

BSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE
File Path: /home/frederic/.m2/repository/org/dom4j/dom4j/2.1.3/dom4j-2.1.3.jar
MD5: 41efcf234c5a05a8c590f9b51d53ca66
SHA1: a75914155a9f5808963170ec20653668a2ffd2fd
SHA256:549f3007c6290f6a901e57d1d331b4ed0e6bf7384f78bf10316ffceeca834de6
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

error_prone_annotations-2.11.0.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
MD5: 656ad66261b7e7ea472ed0ffeea773ea
SHA1: c5a0ace696d3f8b1c1d8cc036d8c03cc0cbe6b69
SHA256:721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

guava-31.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
MD5: e37782d974104aa3b0a7bee9927c8042
SHA1: 60458f877d055d0c9114d9e1a2efb737b4bc282c
SHA256:a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

h2-1.4.200.jar

Description:

H2 Database Engine

License:

MPL 2.0 or EPL 1.0: https://h2database.com/html/license.html
File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar
MD5: 18c05829a03b92c0880f22a3c4d1d11d
SHA1: f7533fe7cb8e99c87a43d325a77b4b678ad9031a
SHA256:3ad9ac4b6aae9cd9d3ac1c447465e1ed06019b851b893dd6a8d76ddb6d85bca6
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

CVE-2021-23463  

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2021-42392  

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23221  

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

h2-1.4.200.jar: data.zip: table.js

File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 0e4b062032d1a5ea21b7ad0d878d3c31
SHA1: c5efb4c787ace5210d545d68742f415d28a61bdc
SHA256:0e1bf9d8833063242e13836bd0fca607763676308acf8b6e6992e7d7d8008d45
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

  • None

h2-1.4.200.jar: data.zip: tree.js

File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 98225c0658feee5efb09b28c76e25884
SHA1: 6b84951f0a2febfbb1046e768d12f784047ce48c
SHA256:e9ee4656df4c1db81dcf20b7dcdcf08701c3b63f929ae8d8af69c334212c169e
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

  • None

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jackson-core-2.13.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3.jar
MD5: 9a6679e6a2f7d601a9f212576fda550c
SHA1: a27014716e4421684416e5fa83d896ddb87002da
SHA256:ab119a8ea3cc69472ebc0e870b849bfbbe536ad57d613dc38453ccd592ca6a3d
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jackson-databind-2.13.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar
MD5: e35e2adf33b2eed8e9f538a911244175
SHA1: 56deb9ea2c93a7a556b3afbedd616d342963464e
SHA256:6444bf08d8cd4629740afc3db1276938f494728deb663ce585c4e91f6b45eb84
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jackson-dataformat-smile-2.13.3.jar

Description:

Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model)
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.13.3/jackson-dataformat-smile-2.13.3.jar
MD5: 7212ca980fa8a552a9bed9eb4a3e64dc
SHA1: b4e03e361e2388e3a8a0b68e3b9988d3a07ee3f3
SHA256:32d4ff882ce88d8f0ac87a04710d60bc2ec1f90ad80da53f0d80fd9477879fb4
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

javax.ws.rs-api-2.1.1.jar

Description:

Java API for RESTful Web Services

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.jar
MD5: 23b81452f9e2076ffefede649975b0d1
SHA1: d3466bc9321fe84f268a1adb3b90373fc14b0eb5
SHA256:2c309eb2c9455ffee9da8518c70a3b6d46be2a269b2e2a101c806a537efe79a4
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

jaxen-1.2.0.jar

Description:

Jaxen is a universal XPath engine for Java.

License:

BSD License 2.0: https://raw.githubusercontent.com/jaxen-xpath/jaxen/master/LICENSE.txt
File Path: /home/frederic/.m2/repository/jaxen/jaxen/1.2.0/jaxen-1.2.0.jar
MD5: c32cf69356254b8f5050fce6e86358e9
SHA1: c10535a925bd35129a4329bc75065cc6b5293f2c
SHA256:70feef9dd75ad064def05a3ce8975aeba515ee7d1be146d12199c8828a64174c
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jcl-over-slf4j-1.7.36.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.36/jcl-over-slf4j-1.7.36.jar
MD5: 8065610cde33ed9fd5d34367912c1938
SHA1: d877e195a05aca4a2f1ad2ff14bfec1393af4b5e
SHA256:ab57ca8fd223772c17365d121f59e94ecbf0ae59d08c03a3cb5b81071c019195
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

joda-time-2.10.14.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/joda-time/joda-time/2.10.14/joda-time-2.10.14.jar
MD5: fce26984e39110b9a3db5ad86caf5811
SHA1: e021f98e50c99ac21796c7ee35eb62a737489127
SHA256:d65b4f127d36cf52b9b7b439552db22f3de92b892014512870cb3c98a3cf505e
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/frederic/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....
  

File Path: /home/frederic/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

log4j-core-2.18.0.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/logging/log4j/log4j-core/2.18.0/log4j-core-2.18.0.jar
MD5: 8869945da3b66916542b9fdd2e2605f2
SHA1: 07c1882ede137548925eadb750615edab2f6e13c
SHA256:ec7a23bfaf4d8ddf3394671561dd4a0f35b69d6fa6918734e3e8bc4066f741c4
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

log4j-over-slf4j-1.7.36.jar

Description:

Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.36/log4j-over-slf4j-1.7.36.jar
MD5: 84f330e9fc7173791d253773b3575a63
SHA1: 2a753acda077203a4794f106871bb237501c9a53
SHA256:0a7e032bf5bcdd5b2bf8bf2e5cf02c5646f2aa6fee66933b8150dbe84e651e8a
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

log4j-to-slf4j-2.18.0.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.18.0/log4j-to-slf4j-2.18.0.jar
MD5: d0baa808c10f8220aa8be828eabd8e33
SHA1: 8a38109b74e2ad2b827aa4a93e2f3517d7f4f785
SHA256:bd32d0de5cc4aad2c69886921d16416f8d5f28344bbbd6bfcd21ac3a22387686
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

logback-core-1.2.11.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/frederic/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar
MD5: 115da115b5e66ef64e774ec35af1fb1a
SHA1: a01230df5ca5c34540cdaa3ad5efb012f1f1f792
SHA256:6ce1e9397be8298a2e99029f55f955c6fa3cef255171c554d0b9c201cffd0159
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

mariadb-java-client-3.0.6.jar

Description:

JDBC driver for MariaDB and MySQL

License:

LGPL-2.1
File Path: /home/frederic/.m2/repository/org/mariadb/jdbc/mariadb-java-client/3.0.6/mariadb-java-client-3.0.6.jar
MD5: 8510ca8e59707e55b8d0db37066ef7a6
SHA1: d1814fe919474634fdac22749bc87120a2178629
SHA256:977ca7980b777b5aa8d32678204296a108f3eacbc4f210887e39b19869fad0d3
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

Identifiers

CVE-2020-28912  

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-46666  

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
CWE-617 Reachable Assertion

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-46667  

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-46669  

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CWE-416 Use After Free

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27382  

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CWE-617 Reachable Assertion

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27385  

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


CVE-2022-27444  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


CVE-2022-27446  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


CVE-2022-27449  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


CVE-2022-27452  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


CVE-2022-31621  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-667 Improper Locking

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H


CVE-2022-31622  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-404 Improper Resource Shutdown or Release

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H


CVE-2022-31623  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-667 Improper Locking

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H


CVE-2022-31624  

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-404 Improper Resource Shutdown or Release

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H


mysql-connector-java-8.0.20.jar

Description:

JDBC Type 4 driver for MySQL

License:

The GNU General Public License, v2 with FOSS exception
File Path: /home/frederic/.m2/repository/mysql/mysql-connector-java/8.0.20/mysql-connector-java-8.0.20.jar
MD5: 48d69b9a82cbe275af9e45cb80f6b15f
SHA1: d8d388e71c823570662a45dd33f4284141921280
SHA256:56a42553b516660ae0bcd08f7f4f5f375294afbd62200d6c0c88a8c61c668ede
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

CVE-2021-2471 (OSSINDEX)  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:H/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:8.0.20:*:*:*:*:*:*:*

CVE-2022-21363 (OSSINDEX)  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (6.6)
  • Vector: /AV:N/AC:H/Au:/C:H/I:H/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:8.0.20:*:*:*:*:*:*:*

netty-common-4.1.78.Final.jar (shaded: org.jctools:jctools-core:3.1.0)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/io/netty/netty-common/4.1.78.Final/netty-common-4.1.78.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256:acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

netty-http-java6-1.5.0.jar

Description:

Waarp shaded jar for Netty HTTP Router for Java 6

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/Waarp/netty-http-java6/1.5.0/netty-http-java6-1.5.0.jar
MD5: 8bd4625251bc07afb2c7f92155a44133
SHA1: 0ef8c8a06368b232560bbaf03a7c4bac6b6247da
SHA256:62d74c6de08685ce0817b4db1cde6b2c17cd99364413df648dca137b80e6231c
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

netty-tcnative-classes-2.0.53.Final.jar

Description:

A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked to OpenSSL and Apache APR.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/io/netty/netty-tcnative-classes/2.0.53.Final/netty-tcnative-classes-2.0.53.Final.jar
MD5: 2e30cfe846ce7c86a4a15aa0b5d6c65d
SHA1: eee53d9a6e6bd582752d7a5e287c7888679b9f98
SHA256:9990404beb0b70d97d2bd90a95ef755cea6436ebe0cb7b7cd5c913b994c57aab
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

netty-transport-4.1.78.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/frederic/.m2/repository/io/netty/netty-transport/4.1.78.Final/netty-transport-4.1.78.Final.jar
MD5: c73f2c40376739f857be3da776ca7b40
SHA1: b1639d431e43622d6cbfdd45c30d3fb810fa9101
SHA256:153ee99931f6d6ba8a6d66d74cbb73371bd46c546b0707d7d37af1264a3deaf2
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

postgresql-42.4.0.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/frederic/.m2/repository/org/postgresql/postgresql/42.4.0/postgresql-42.4.0.jar
MD5: c422ffa6eb00ea92d11cbff4a7ce27b2
SHA1: 21ff952426bbfe4a041c175407333d4a07c70931
SHA256:fe25b9c0a2c59458504ec88862853df522ee87f8a02564835d537c29ae4cb125
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

protobuf-java-3.6.1.jar

Description:

Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/frederic/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar
MD5: 17b60a7d277343a16fe881d18adecc0b
SHA1: 0d06d46ecfd92ec6d0f3b423b4cd81cb38d8b924
SHA256:fb66d913ff0578553b2e28a3338cbbbe2657e6cfe0e98d939f23aea219daf508
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

CVE-2021-22569  

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H


slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/frederic/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

xercesImpl-2.12.2.jar

Description:

Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile

CVE-2017-10355 (OSSINDEX)  

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

zjsonpatch-0.4.12.jar

Description:

Java Library to find / apply JSON Patches according to RFC 6902

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/flipkart/zjsonpatch/zjsonpatch/0.4.12/zjsonpatch-0.4.12.jar
MD5: 13538432fe75a02d5549ccd6d730cb83
SHA1: 9783037290ba3b7e95e2e7b57183f159d6256271
SHA256:4958706ebdd8cc6250b16393ee20ff9e5c8bdc5820b5dee73f7f4fa70866d23c
Referenced In Project/Scope:Waarp Password Management GUI and Console:compile



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.