Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Login2 SSO Project

org.flasby.login:login2:1.0-SNAPSHOT

Summary

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| angus-activation-2.0.0.jar | cpe:2.3:a:service_project:service:2.0.0:*:*:*:*:*:*:* | pkg:maven/org.eclipse.angus/angus-activation@2.0.0 | | 0 | Low | 37 |
| annotations-13.0.jar | | pkg:maven/org.jetbrains/annotations@13.0 | | 0 | | 32 |
| antlr4-runtime-4.13.0.jar | | pkg:maven/org.antlr/antlr4-runtime@4.13.0 | | 0 | | 30 |
| attoparser-2.0.7.RELEASE.jar | | pkg:maven/org.attoparser/attoparser@2.0.7.RELEASE | | 0 | | 42 |
| auth.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar | | pkg:maven/org.webjars/bootstrap@5.3.3 | MEDIUM | 1 | | 21 |
| bootstrap-5.3.3.jar: bootstrap.bundle.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: bootstrap.bundle.min.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: bootstrap.esm.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: bootstrap.esm.min.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: bootstrap.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: bootstrap.min.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: jasmine.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: register.js | | | | 0 | | 0 |
| bootstrap-5.3.3.jar: runner.js | | | | 0 | | 0 |
| byte-buddy-1.17.2.jar | | pkg:maven/net.bytebuddy/byte-buddy@1.17.2 | | 0 | | 29 |
| classgraph-4.8.173.jar | | pkg:maven/io.github.classgraph/classgraph@4.8.173 | | 0 | | 42 |
| classmate-1.5.1.jar | | pkg:maven/com.fasterxml/classmate@1.5.1 | | 0 | | 54 |
| commons-lang3-3.16.0.jar | | pkg:maven/org.apache.commons/commons-lang3@3.16.0 | | 0 | | 145 |
| derby-10.17.1.0.jar | cpe:2.3:a:apache:derby:10.17.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derby@10.17.1.0 | | 0 | Highest | 28 |
| derbyshared-10.17.1.0.jar | cpe:2.3:a:apache:derby:10.17.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derbyshared@10.17.1.0 | | 0 | Highest | 27 |
| derbytools-10.17.1.0.jar | cpe:2.3:a:apache:derby:10.17.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derbytools@10.17.1.0 | | 0 | Highest | 33 |
| eventbus.js | | | | 0 | | 0 |
| h2-2.3.232.jar | cpe:2.3:a:h2database:h2:2.3.232:*:*:*:*:*:*:* | pkg:maven/com.h2database/h2@2.3.232 | MEDIUM | 1 | Highest | 44 |
| h2-2.3.232.jar: data.zip: table.js | | | | 0 | | 0 |
| h2-2.3.232.jar: data.zip: tree.js | | | | 0 | | 0 |
| hibernate-commons-annotations-7.0.1.Final.jar | | pkg:maven/org.hibernate.common/hibernate-commons-annotations@7.0.1.Final | | 0 | | 38 |
| hibernate-core-6.6.0.Final.jar | cpe:2.3:a:hibernate:hibernate_orm:6.6.0:*:*:*:*:*:*:* | pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final | | 0 | Highest | 43 |
| istack-commons-runtime-4.1.1.jar | | pkg:maven/com.sun.istack/istack-commons-runtime@4.1.1 | | 0 | | 29 |
| jackson-annotations-2.17.2.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.2 | | 0 | Low | 38 |
| jackson-core-2.18.3.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.3 | | 0 | Low | 47 |
| jackson-databind-2.17.2.jar | cpe:2.3:a:fasterxml:jackson-databind:2.17.2:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2 | | 0 | Highest | 41 |
| jakarta.activation-api-2.1.3.jar | | pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 | | 0 | | 45 |
| jakarta.annotation-api-2.1.0.jar | cpe:2.3:a:oracle:projects:2.1.0:*:*:*:*:*:*:* | pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.0 | | 0 | Low | 42 |
| jakarta.data-api-1.0.0.jar | | pkg:maven/jakarta.data/jakarta.data-api@1.0.0 | | 0 | | 19 |
| jakarta.el-api-5.0.1.jar | cpe:2.3:a:eclipse:jakarta_expression_language:5.0.1:*:*:*:*:*:*:* | pkg:maven/jakarta.el/jakarta.el-api@5.0.1 | | 0 | Low | 45 |
| jakarta.enterprise.cdi-api-4.0.1.jar | cpe:2.3:a:redhat:enterprise_ipa:4.0.1:*:*:*:*:*:*:* | pkg:maven/jakarta.enterprise/jakarta.enterprise.cdi-api@4.0.1 | | 0 | Low | 79 |
| jakarta.enterprise.lang-model-4.0.1.jar | | pkg:maven/jakarta.enterprise/jakarta.enterprise.lang-model@4.0.1 | | 0 | | 29 |
| jakarta.inject-api-2.0.1.jar | | pkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 | | 0 | | 56 |
| jakarta.interceptor-api-2.1.0.jar | | pkg:maven/jakarta.interceptor/jakarta.interceptor-api@2.1.0 | | 0 | | 46 |
| jakarta.persistence-api-3.1.0.jar | | pkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 | | 0 | | 40 |
| jakarta.servlet-api-6.0.0.jar | cpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:* | pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 | | 0 | Low | 44 |
| jakarta.transaction-api-2.0.1.jar | cpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:* | pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 | | 0 | Low | 50 |
| jakarta.xml.bind-api-4.0.2.jar | | pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 | | 0 | | 31 |
| jandex-3.2.0.jar | | pkg:maven/io.smallrye/jandex@3.2.0 | | 0 | | 27 |
| java-jwt-4.4.0.jar | | pkg:maven/com.auth0/java-jwt@4.4.0 | | 0 | | 39 |
| javalin-6.1.6.jar | | pkg:maven/io.javalin/javalin@6.1.6 | | 0 | | 21 |
| javalin-rendering-6.1.6.jar | | pkg:maven/io.javalin/javalin-rendering@6.1.6 | | 0 | | 23 |
| javassist-3.29.0-GA.jar | | pkg:maven/org.javassist/javassist@3.29.0-GA | | 0 | | 56 |
| jaxb-core-4.0.2.jar | | pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.2 | | 0 | | 40 |
| jaxb-runtime-4.0.2.jar | | pkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.2 | | 0 | | 40 |
| jboss-classfilewriter-1.3.0.Final.jar | | pkg:maven/org.jboss.classfilewriter/jboss-classfilewriter@1.3.0.Final | | 0 | | 44 |
| jboss-logging-3.5.0.Final.jar | | pkg:maven/org.jboss.logging/jboss-logging@3.5.0.Final | | 0 | | 43 |
| jboss-logging-annotations-2.2.1.Final.jar | | pkg:maven/org.jboss.logging/jboss-logging-annotations@2.2.1.Final | | 0 | | 31 |
| jboss-logging-processor-2.2.1.Final.jar | | pkg:maven/org.jboss.logging/jboss-logging-processor@2.2.1.Final | | 0 | | 31 |
| jdeparser-2.0.3.Final.jar | | pkg:maven/org.jboss.jdeparser/jdeparser@2.0.3.Final | | 0 | | 30 |
| jetty-io-11.0.20.jar | cpe:2.3:a:eclipse:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:mortbay_jetty:jetty:11.0.20:*:*:*:*:*:*:* | pkg:maven/org.eclipse.jetty/jetty-io@11.0.20 | MEDIUM | 2 | Highest | 35 |
| jetty-jakarta-servlet-api-5.0.2.jar | | pkg:maven/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api@5.0.2 | | 0 | | 28 |
| jetty-server-11.0.20.jar | cpe:2.3:a:eclipse:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty_http_server:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:mortbay_jetty:jetty:11.0.20:*:*:*:*:*:*:* | pkg:maven/org.eclipse.jetty/jetty-server@11.0.20 | MEDIUM | 2 | Highest | 35 |
| kotlin-stdlib-1.9.23.jar | cpe:2.3:a:jetbrains:kotlin:1.9.23:*:*:*:*:*:*:* | pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.9.23 | | 0 | Highest | 27 |
| log4j-core-2.24.3.jar | cpe:2.3:a:apache:log4j:2.24.3:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-core@2.24.3 | | 0 | Highest | 40 |
| log4j-slf4j2-impl-2.23.1.jar | cpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.23.1 | | 0 | Highest | 37 |
| lombok-1.18.34.jar | | pkg:maven/org.projectlombok/lombok@1.18.34 | | 0 | | 36 |
| lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar | | | | 0 | | 7 |
| main.js | | | | 0 | | 0 |
| ognl-3.3.4.jar | cpe:2.3:a:ognl_project:ognl:3.3.4:*:*:*:*:*:*:* | pkg:maven/ognl/ognl@3.3.4 | | 0 | Highest | 27 |
| passay-1.6.4.jar | | pkg:maven/org.passay/passay@1.6.4 | | 0 | | 37 |
| scrypt-1.4.0.jar | | pkg:maven/com.lambdaworks/scrypt@1.4.0 | | 0 | | 24 |
| sender.js | | | | 0 | | 0 |
| slf4j-api-2.0.17.jar | | pkg:maven/org.slf4j/slf4j-api@2.0.17 | | 0 | | 29 |
| thymeleaf-3.1.2.RELEASE.jar | cpe:2.3:a:thymeleaf:thymeleaf:3.1.2:release:*:*:*:*:*:* | pkg:maven/org.thymeleaf/thymeleaf@3.1.2.RELEASE | | 0 | Highest | 23 |
| thymeleaf-extras-java8time-3.0.4.RELEASE.jar | cpe:2.3:a:time_project:time:3.0.4:release:*:*:*:*:*:* | pkg:maven/org.thymeleaf.extras/thymeleaf-extras-java8time@3.0.4.RELEASE | | 0 | Highest | 50 |
| txw2-4.0.2.jar | | pkg:maven/org.glassfish.jaxb/txw2@4.0.2 | | 0 | | 34 |
| unbescape-1.1.6.RELEASE.jar | | pkg:maven/org.unbescape/unbescape@1.1.6.RELEASE | | 0 | | 42 |
| webjars-locator-core-0.59.jar | | pkg:maven/org.webjars/webjars-locator-core@0.59 | | 0 | | 23 |
| websocket-core-server-11.0.20.jar | cpe:2.3:a:eclipse:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:mortbay_jetty:jetty:11.0.20:*:*:*:*:*:*:* | pkg:maven/org.eclipse.jetty.websocket/websocket-core-server@11.0.20 | MEDIUM | 2 | Highest | 37 |
| websocket-jetty-server-11.0.20.jar | cpe:2.3:a:eclipse:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:jetty:jetty_http_server:11.0.20:*:*:*:*:*:*:*; cpe:2.3:a:mortbay_jetty:jetty:11.0.20:*:*:*:*:*:*:* | pkg:maven/org.eclipse.jetty.websocket/websocket-jetty-server@11.0.20 | MEDIUM | 2 | Highest | 39 |
| weld-api-5.0.SP3.jar | | pkg:maven/org.jboss.weld/weld-api@5.0.SP3 | | 0 | | 32 |
| weld-core-impl-5.1.2.Final.jar | | pkg:maven/org.jboss.weld/weld-core-impl@5.1.2.Final | | 0 | | 33 |
| weld-environment-common-5.1.2.Final.jar | | pkg:maven/org.jboss.weld.environment/weld-environment-common@5.1.2.Final | | 0 | | 35 |
| weld-lite-extension-translator-5.1.2.Final.jar | | pkg:maven/org.jboss.weld/weld-lite-extension-translator@5.1.2.Final | | 0 | | 33 |
| weld-se-core-5.1.2.Final.jar | | pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final | | 0 | | 35 |
| weld-spi-5.0.SP3.jar | | pkg:maven/org.jboss.weld/weld-spi@5.0.SP3 | | 0 | | 35 |
| zxcvbn-1.9.0.jar | | pkg:maven/com.nulab-inc/zxcvbn@1.9.0 | | 0 | | 27 |

Dependencies (vulnerable)

angus-activation-2.0.0.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/angus/angus-activation/2.0.0/angus-activation-2.0.0.jar
MD5: 834539f269d476663784d8571048f3c4
SHA1: 72369f4e2314d38de2dcbb277141ef0226f73151
SHA256:3a12d321a0f35aa9458ff9b6ee93a3de76b78e3f18b077c81721473d83079147
Referenced In Project/Scope: Login2 SSO Project:runtime
angus-activation-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

annotations-13.0.jar

Description:

A set of annotations used for code inspection support and code documentation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Project/Scope: Login2 SSO Project:compile
annotations-13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /var/lib/jenkins/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: Login2 SSO Project:runtime
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

attoparser-2.0.7.RELEASE.jar

Description:

Powerful, fast and easy to use HTML and XML parser for Java

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/attoparser/attoparser/2.0.7.RELEASE/attoparser-2.0.7.RELEASE.jar
MD5: fd09ceba7061e05460e74e0e1e64f233
SHA1: e5d0e988d9124139d645bb5872b24dfa23e283cc
SHA256:75dd1c045492bff8e1963aabb28bfe903c2064e11e27fe2f0f0aff1ad3d84476
Referenced In Project/Scope: Login2 SSO Project:compile
attoparser-2.0.7.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.thymeleaf/thymeleaf@3.1.2.RELEASE

Identifiers

auth.js

File Path: /var/lib/jenkins/workspace/Login2/src/main/resources/resources/public/js/auth.js
MD5: 4c5d92fae42235660ff9070ea05fa7e6
SHA1: 17557331ca25ae991c08d7b4b901d070c473094a
SHA256:8c5c46c82dd3203573f62133feceef534c1e859f11af5d69c887c25e943933a6
Referenced In Project/Scope: Login2 SSO Project

Identifiers

  • None

bootstrap-5.3.3.jar

Description:

WebJar for Bootstrap

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar
MD5: 3cb084b342036f0584ac603f443af553
SHA1: 3cba7ec0bf83f3bb02f15ba6ccb5177c714791f7
SHA256:7cd698a335b16b0c55d901aa0c0657b1e1165163197c6139458b4e758df8c7f9
Referenced In Project/Scope: Login2 SSO Project:compile
bootstrap-5.3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

CVE-2024-6484 (OSSINDEX)  

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-6484 for details
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:bootstrap:5.3.3:*:*:*:*:*:*:*

bootstrap-5.3.3.jar: bootstrap.bundle.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.bundle.js
MD5: 4d456e43291a691699c12a9027f1f13a
SHA1: e2e691b338e64a94e68be7f4d2aded08fcca0759
SHA256:9a4a11a15db88d5fab08f59c1c34796b03f1f15bb3cc928dd226e1c59f7f59a3
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: bootstrap.bundle.min.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.bundle.min.js
MD5: 2e477967e482f32e65d4ea9b2fd8e106
SHA1: ddc6e9ead6d16ae9237399ce41e8c1620cc59c36
SHA256:0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: bootstrap.esm.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.esm.js
MD5: f14504e2c0e05140757627e666864fb6
SHA1: 4fe324af19ae1152de4ef7217fe7a1ae9c2a023a
SHA256:7b189764d243c2e7177ee8dedc26d73dbb92ebe12bcb7cfdb0ffa9826be1f270
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: bootstrap.esm.min.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.esm.min.js
MD5: 282d10561eec8cfe0cb2f70143050541
SHA1: 08e269b0c90bdf391e981584726cfe4db643f90c
SHA256:4197454f564d765cb8ae681406d5e65c54bd054d454dafac3deea1efde2c1514
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: bootstrap.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.js
MD5: a6e5e71549018c2dfd424c493f074340
SHA1: 0f43271223c74d330702ce94a39ed70d04e8fd36
SHA256:f945bcd36c2055f9e36926ddc321cb954ec056995bd164e83a5bcdd429f321a7
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: bootstrap.min.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/js/bootstrap.min.js
MD5: 4800bcc26467d999f49b472f02906b8d
SHA1: 2c6c0a58345a09d3761230af823a4e4852b12643
SHA256:de040986d9a3ed89d5d5f9ad6d5727015e9e238c2cd13af8f1b55909386d0864
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: jasmine.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/scss/tests/jasmine.js
MD5: 6d4914ef46ff7f1b03d4eac1750f69b9
SHA1: df3ffb00d04e1b2c46f5ec043edea18dfe16c172
SHA256:4d16d58d67229931067ea16b19d7efe6f645cb991b84e754e35b60c70e7ab2c8
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: register.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/scss/tests/sass-true/register.js
MD5: 9595c18a6d2d4fc8b80b48930eb7a663
SHA1: 722b49413a792685d5b0f1e508ccd60d2b95f511
SHA256:432ed8e7c99b3440086f0ed3d98592937015ff83d494eeee2b89e959d1228fba
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

bootstrap-5.3.3.jar: runner.js

File Path: /var/lib/jenkins/.m2/repository/org/webjars/bootstrap/5.3.3/bootstrap-5.3.3.jar/META-INF/resources/webjars/bootstrap/5.3.3/scss/tests/sass-true/runner.js
MD5: 7df83f25a7395cb3d5c3e63fc087561f
SHA1: 63a585ca6db6458a53d1e1918016c946397f5b04
SHA256:536c05c004abded6b802be4650fcfa6f093f01178231e375bf2ed69db0cf9efb
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

byte-buddy-1.17.2.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
    

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/net/bytebuddy/byte-buddy/1.17.2/byte-buddy-1.17.2.jar
MD5: fdb9cdac0b2257b96a2f7d3da67ccfb4
SHA1: 6fe75b66ba1a6ae30e373d696c3bbe34cd851e49
SHA256:b37d7fab7236a275900402ddd72819411e71ae01b6695f287e5dce5446570068
Referenced In Project/Scope: Login2 SSO Project:runtime
byte-buddy-1.17.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

classgraph-4.8.173.jar

Description:

The uber-fast, ultra-lightweight classpath and module scanner for JVM languages.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /var/lib/jenkins/.m2/repository/io/github/classgraph/classgraph/4.8.173/classgraph-4.8.173.jar
MD5: 8e98dcc3eb5d91bd92a03415d64caa2a
SHA1: 236e1b4360bf078142902c6c3ca80a03bfa95d5d
SHA256:699841fd9028af0124e9b66067e0e543211611971a8a066ae212690888a5aaee
Referenced In Project/Scope: Login2 SSO Project:compile
classgraph-4.8.173.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.webjars/webjars-locator-core@0.59

Identifiers

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.
    

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Project/Scope: Login2 SSO Project:runtime
classmate-1.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

commons-lang3-3.16.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar
MD5: 67bc6dbd753fc276d69aeb4cfa205e15
SHA1: 3eb54effe40946dfb06dc5cd6c7ce4116cd51ea4
SHA256:08709dd74d602b705ce4017d26544210056a4ba583d5b20c09373406fe7a00f8
Referenced In Project/Scope: Login2 SSO Project:compile
commons-lang3-3.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

derby-10.17.1.0.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /var/lib/jenkins/.m2/repository/org/apache/derby/derby/10.17.1.0/derby-10.17.1.0.jar
MD5: 0665c8f3365fca01eb639e41f7685991
SHA1: e90e61e8ee731614a9bafd3d81155e09fff5e80c
SHA256:764e4c133f860a8876e835ef2306efecad27a742d27f05bc4bce669432c6b397
Referenced In Project/Scope: Login2 SSO Project:compile
derby-10.17.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

derbyshared-10.17.1.0.jar

Description:

The code which is shared across all Derby configurations.

File Path: /var/lib/jenkins/.m2/repository/org/apache/derby/derbyshared/10.17.1.0/derbyshared-10.17.1.0.jar
MD5: ce2d7164d5cda8ac3a1ede81023814d4
SHA1: e6eac60d1b80b3781dff97ccef88fa131043f2a5
SHA256:fb68bab30785375c1f8cb5e9583b349750f8904d6f7ee15ce8e1c30b6be30ef4
Referenced In Project/Scope: Login2 SSO Project:compile
derbyshared-10.17.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.derby/derby@10.17.1.0

Identifiers

derbytools-10.17.1.0.jar

Description:

Contains Apache Derby tools like ij, sysinfo, and dblook.

File Path: /var/lib/jenkins/.m2/repository/org/apache/derby/derbytools/10.17.1.0/derbytools-10.17.1.0.jar
MD5: ea7b7cba09a4056219e888bcdc1a3bb7
SHA1: 6d1a4e5e0f5c26516abbba85ece081506b9ad2e1
SHA256:c1e24e47d944a7c4c6fa88ad1a0989d7cf37e4108dc2fbde8cb07e758087996e
Referenced In Project/Scope: Login2 SSO Project:compile
derbytools-10.17.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

eventbus.js

File Path: /var/lib/jenkins/workspace/Login2/src/main/resources/resources/public/js/eventbus.js
MD5: 89a4fdfb7cc5fbf91b091d249c807849
SHA1: 64ed682121b39b0847cc3da7d43ca80628b828c1
SHA256:f9d0507e5f60f12f50c4839d90ac4c10b3b388eb22cfa9c1b46fe920c432dd7b
Referenced In Project/Scope: Login2 SSO Project

Identifiers

  • None

h2-2.3.232.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /var/lib/jenkins/.m2/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar
MD5: 756154ae197457f2995b89c11bc9b2c3
SHA1: 4fcc05d966ccdb2812ae8b9a718f69226c0cf4e2
SHA256:8dae62d22db8982c3dcb3826edb9c727c5d302063a67eef7d63d82de401f07d3
Referenced In Project/Scope: Login2 SSO Project:compile
h2-2.3.232.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.3.232:*:*:*:*:*:*:*

h2-2.3.232.jar: data.zip: table.js

File Path: /var/lib/jenkins/.m2/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 8973a8c183f3455d8c4fe07a9a963429
SHA1: 4b32bb0b435151f899abdc8a98dab8f844b10b94
SHA256:807d50c7d28cc022b174774cfaff3d1c8b39ea04c1e260ddb6265e7fc0660910
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

h2-2.3.232.jar: data.zip: tree.js

File Path: /var/lib/jenkins/.m2/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 8105bba99dd1db86cb1cf23b2556a620
SHA1: 1c00b802f6cb1013cb0ed40eec6a98b5ba4cd0e7
SHA256:c5602b0b3488bb7d61959228a224a5f806f2749d67f9cdc182327fe069b94238
Referenced In Project/Scope: Login2 SSO Project:compile

Identifiers

  • None

hibernate-commons-annotations-7.0.1.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

Apache License Version 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/lib/jenkins/.m2/repository/org/hibernate/common/hibernate-commons-annotations/7.0.1.Final/hibernate-commons-annotations-7.0.1.Final.jar
MD5: 825afccbb1ecd84884649ca422c0d57b
SHA1: c21c8b84ab6c56b181014df3df2ed1467a7a7e88
SHA256:0a690967ef2ef3e2bcec3c7871869ff64d1269904d58d22d7aaf46e3e5bb0483
Referenced In Project/Scope: Login2 SSO Project:runtime
hibernate-commons-annotations-7.0.1.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

hibernate-core-6.6.0.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /var/lib/jenkins/.m2/repository/org/hibernate/orm/hibernate-core/6.6.0.Final/hibernate-core-6.6.0.Final.jar
MD5: b8c1f21f08b4aed738f02af7322f879b
SHA1: f7f410bfcc65c1d2644c978df35f871160db3214
SHA256:b410b6d0a7ce05f2d5315fd93732d3c6d2c3f016faf01ae6ea3e5a8160ddeb5d
Referenced In Project/Scope: Login2 SSO Project:compile
hibernate-core-6.6.0.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

istack-commons-runtime-4.1.1.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.1/istack-commons-runtime-4.1.1.jar
MD5: 8a0b5fe40f96b22dbf7a2d971bf21964
SHA1: 9b3769c76235bc283b060da4fae2318c6d53f07e
SHA256:7e8148c5bf5d5ae6f8c4534c1873f82e80bf7f9164fd09ee573df0013918dcd3
Referenced In Project/Scope: Login2 SSO Project:runtime
istack-commons-runtime-4.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

jackson-annotations-2.17.2.jar

Description:

Core annotations used for value types, used by Jackson data binding package.
  

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.2/jackson-annotations-2.17.2.jar
MD5: e68e7e593ae47e106421688707683297
SHA1: 147b7b9412ffff24339f8aba080b292448e08698
SHA256:873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
Referenced In Project/Scope: Login2 SSO Project:compile
jackson-annotations-2.17.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jackson-core-2.18.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.18.3/jackson-core-2.18.3.jar
MD5: b36e17ef5ba214242b700f8e621e6f12
SHA1: 78f80c259268200e588aa204dd97ecf09b76916e
SHA256:056bc4d3e5e53ce821450fa97b3f9e0f8dde125cf6da6884353bb1f09582e1d9
Referenced In Project/Scope: Login2 SSO Project:compile
jackson-core-2.18.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2

Identifiers

jackson-databind-2.17.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.2/jackson-databind-2.17.2.jar
MD5: 3e1ff7c1f0fda885946619a47ef9d5de
SHA1: e6deb029e5901e027c129341fac39e515066b68c
SHA256:c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
Referenced In Project/Scope: Login2 SSO Project:compile
jackson-databind-2.17.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2

Identifiers

jakarta.annotation-api-2.1.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/lib/jenkins/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.0/jakarta.annotation-api-2.1.0.jar
MD5: 740bc4e6204ccfafa1b05e7402a6d3d1
SHA1: 4f1cf660cde3a75a0ac3d12ee8afd2d798ec322d
SHA256:448f2abf53b0fb3e96eedc8fe0dafb6284af1252dd1aa4bd3e6774e91fd41a6a
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.annotation-api-2.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jakarta.data-api-1.0.0.jar

Description:

Jakarta Data :: API

File Path: /var/lib/jenkins/.m2/repository/jakarta/data/jakarta.data-api/1.0.0/jakarta.data-api-1.0.0.jar
MD5: 2f0753b6ef350bb2c9db59027a8cb6be
SHA1: 8df25608e558ceae6cc3abfc05d59ec1796fe5fd
SHA256:2a9464dba6b7a0cb71c5be4f20830c3a1eb129ac61c23dca6321397f127cc096
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.data-api-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jakarta.el-api-5.0.1.jar

Description:

        Jakarta Expression Language defines an expression language for Java applications
    

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /var/lib/jenkins/.m2/repository/jakarta/el/jakarta.el-api/5.0.1/jakarta.el-api-5.0.1.jar
MD5: fcc2c22f90c0d8d80ca73b171d695539
SHA1: 6f46fb9143b18b7956806a657275fc41376d1a50
SHA256:90432d18281717b363b819978c6a172433a2654b77eb87c863c22fc19c20eced
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.el-api-5.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jakarta.enterprise.cdi-api-4.0.1.jar

Description:

APIs for CDI (Contexts and Dependency Injection for Java)

License:

Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/jakarta/enterprise/jakarta.enterprise.cdi-api/4.0.1/jakarta.enterprise.cdi-api-4.0.1.jar
MD5: 4ddecd5a6280ef5f222e693ce9d29898
SHA1: 2012f388c6de83e29101cbf82c3ed2bd37931c64
SHA256:beaf74c4f2618189309e3f4a09c43effab633dd96aa1f6dc58a6ba7ee0042717
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.enterprise.cdi-api-4.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jakarta.enterprise.lang-model-4.0.1.jar

Description:

Build Compatible (Reflection-Free) Java Language Model for CDI

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/jakarta/enterprise/jakarta.enterprise.lang-model/4.0.1/jakarta.enterprise.lang-model-4.0.1.jar
MD5: fe02deb673794ba67c5e423bcca3d229
SHA1: 2b195781faad31c1724d8122136909c34c3ae79e
SHA256:53acafe65b6ef0195fa1b8a0ef2650e5aa024c32cb4059c4df372d6b32089cd3
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.enterprise.lang-model-4.0.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jakarta.interceptor-api-2.1.0.jar

Description:

Jakarta Interceptors defines a means of interposing on business method invocations and specific events—such as lifecycle events and timeout events—that occur on instances of Jakarta EE components and other managed classes.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/lib/jenkins/.m2/repository/jakarta/interceptor/jakarta.interceptor-api/2.1.0/jakarta.interceptor-api-2.1.0.jar
MD5: c68f893a96a6ddbcd08c09d508ae0040
SHA1: 1d06a662708601400af4556577ee514c4ad01549
SHA256:ef787d3f713fc6ff4f02cd4b0dbed08f93d8af3400c90cbb43fb4b5c0583710b
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.interceptor-api-2.1.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/lib/jenkins/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Project/Scope: Login2 SSO Project:provided
jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/lib/jenkins/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Login2 SSO Project:compile
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

jandex-3.2.0.jar

Description:

SmallRye Build Parent POM

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/io/smallrye/jandex/3.2.0/jandex-3.2.0.jar
MD5: 703254a1bd4c37efeebdc0a283c65565
SHA1: f17ad860f62a08487b9edabde608f8ac55c62fa7
SHA256:6da3e9ce8d0c0a433f3e7ce610a3c66accb00c71fee67aa0ff3e5a841395ac15
Referenced In Project/Scope: Login2 SSO Project:runtime
jandex-3.2.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

java-jwt-4.4.0.jar

Description:

Java implementation of JSON Web Token (JWT)

License:

The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
File Path: /var/lib/jenkins/.m2/repository/com/auth0/java-jwt/4.4.0/java-jwt-4.4.0.jar
MD5: 7fe567995099e1ee3f45adbc2f3c18c5
SHA1: 0e02407d19971bfa241441212901dd327a37722b
SHA256:173aab2a30727e5586e13055fb6c4e27112453f5d8cf1136b3369c674cbe011f
Referenced In Project/Scope: Login2 SSO Project:compile
java-jwt-4.4.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

javalin-6.1.6.jar

File Path: /var/lib/jenkins/.m2/repository/io/javalin/javalin/6.1.6/javalin-6.1.6.jar
MD5: 15a246964f03f0c46ebe31b1a4209d7b
SHA1: 3410da381c9d8410a3d228068684e8c32135ec1b
SHA256:0c0993b74a2ab8fe7fcfe71465975f046f9b49c7f735ed18ef655d7e596b6bfd
Referenced In Project/Scope: Login2 SSO Project:compile
javalin-6.1.6.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

javalin-rendering-6.1.6.jar

File Path: /var/lib/jenkins/.m2/repository/io/javalin/javalin-rendering/6.1.6/javalin-rendering-6.1.6.jar
MD5: 9124e72158daa259421dde5fc9cfc8b4
SHA1: 60fcb0691e3a6de1dcbefc644cc6c88877422704
SHA256:ad4fc986aa3d087831d33a2f411ab8e0f508c98807108f9d5d87f33a54fb4130
Referenced In Project/Scope: Login2 SSO Project:compile
javalin-rendering-6.1.6.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

javassist-3.29.0-GA.jar

Description:

Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/javassist/javassist/3.29.0-GA/javassist-3.29.0-GA.jar
MD5: aefc94eda66e54b96825ffc807cfbafd
SHA1: d3959fa7e00bf04dbe519228a23213d2afb625d8
SHA256:62d4065362e8969ce654f2b5541de1efb5b5bca6c146dbd38a595ea4df64cd31
Referenced In Project/Scope: Login2 SSO Project:compile
javassist-3.29.0-GA.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.thymeleaf/thymeleaf@3.1.2.RELEASE

Identifiers

jaxb-core-4.0.2.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.2/jaxb-core-4.0.2.jar
MD5: f47f53ebb68dd97dea880a6eeb49814e
SHA1: 08c29249f6c10f4ee08967783831580b0f5c5360
SHA256:d7ff2954ad78480bbab9391cccff3a22f42a82b6e09aeca1c7d502411c470ccd
Referenced In Project/Scope: Login2 SSO Project:runtime
jaxb-core-4.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

jaxb-runtime-4.0.2.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/lib/jenkins/.m2/repository/org/glassfish/jaxb/jaxb-runtime/4.0.2/jaxb-runtime-4.0.2.jar
MD5: b7fa25f7058a49fe29ad39619efb4022
SHA1: e4e4e0c5b0d42054d00dc4023901572a60d368c7
SHA256:1bc271e61b71ca4bd89eb053f3d2c91d478211b02a8982cb520f216fe0e9a939
Referenced In Project/Scope: Login2 SSO Project:runtime
jaxb-runtime-4.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

jboss-classfilewriter-1.3.0.Final.jar

Description:

A bytecode writer that creates .class files at runtime

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/jboss/classfilewriter/jboss-classfilewriter/1.3.0.Final/jboss-classfilewriter-1.3.0.Final.jar
MD5: 9846f4a725f1c7dc72db64d6323cac4b
SHA1: 57355ee654223e3a7595b2656a4fa04d6c858988
SHA256:2190c0db43e0126a23d77fd5ad96d24473c7df7606eeeb07bf3d0d501c101456
Referenced In Project/Scope: Login2 SSO Project:compile
jboss-classfilewriter-1.3.0.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jboss-logging-3.5.0.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.5.0.Final/jboss-logging-3.5.0.Final.jar
MD5: bdb57db05e9905e02dbbf1cbedf26469
SHA1: c19307cc11f28f5e2679347e633a3294d865334d
SHA256:7bb135b081952f6d32d83374619ae5201b05ca3bf862a28dd111016ce19b2c07
Referenced In Project/Scope: Login2 SSO Project:compile
jboss-logging-3.5.0.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

jboss-logging-annotations-2.2.1.Final.jar

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/jboss/logging/jboss-logging-annotations/2.2.1.Final/jboss-logging-annotations-2.2.1.Final.jar
MD5: 65ea45ee652a89f43a9a06bd8f0e5139
SHA1: ee3db82d956ee22c4f1f2df9c611e048e79a4a43
SHA256:f1524fc9d7ed3afc87d365ab0d280ef260c8dd1836435689e8300fd5a51ed178
Referenced In Project/Scope: Login2 SSO Project:compile
jboss-logging-annotations-2.2.1.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jboss-logging-processor-2.2.1.Final.jar

File Path: /var/lib/jenkins/.m2/repository/org/jboss/logging/jboss-logging-processor/2.2.1.Final/jboss-logging-processor-2.2.1.Final.jar
MD5: 892d7183feef6ac2ec0fc22ae3771ea7
SHA1: 271a8e01caec4017d7a5104ef0b24390b4b06711
SHA256:33a34f022d8eda8f768ed10a8eaf815c10e90854ca2f409a3fe5f2b3dc137102
Referenced In Project/Scope: Login2 SSO Project:compile
jboss-logging-processor-2.2.1.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jdeparser-2.0.3.Final.jar

File Path: /var/lib/jenkins/.m2/repository/org/jboss/jdeparser/jdeparser/2.0.3.Final/jdeparser-2.0.3.Final.jar
MD5: 1a9cd8093e720b54b2e88ed90cf4b69e
SHA1: f1982f9caa0ed8a2663d4c648aaa9a82d14eb962
SHA256:aec3ed49b47cb7531e2f88c603eecdc5f5b46ae976d72624162d23ee7fca3803
Referenced In Project/Scope: Login2 SSO Project:compile
jdeparser-2.0.3.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

jetty-io-11.0.20.jar

Description:

Jetty module for Jetty :: IO Utility

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-io/11.0.20/jetty-io-11.0.20.jar
MD5: 69edc0f6fb44ad9cd341f15d086859d7
SHA1: 2095d70a6089a6af5ad22d3c8ea0887e3d56f776
SHA256:af6bbb9c64f5c2612a74524d1954864b6fec97dd854b3b84a6abd8f8198a476c
Referenced In Project/Scope: Login2 SSO Project:compile
jetty-io-11.0.20.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

CVE-2024-8184  

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-6763  

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.

The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
CWE-1286 Improper Validation of Syntactic Correctness of Input, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jetty-jakarta-servlet-api-5.0.2.jar

Description:

Combined servlet api and schemas for use in JPMS and OSGi environments

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/jetty/toolchain/jetty-jakarta-servlet-api/5.0.2/jetty-jakarta-servlet-api-5.0.2.jar
MD5: 7de826f76a829dc9dfb41e437ff4bd01
SHA1: 027fce6d666a203526236d33d00e202a4136230f
SHA256:efb20997729f32bfa6c8a8319037c353f7ad460d5d49f336bf232998ea2358db
Referenced In Project/Scope: Login2 SSO Project:compile
jetty-jakarta-servlet-api-5.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

jetty-server-11.0.20.jar

Description:

The core jetty server artifact.

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-server/11.0.20/jetty-server-11.0.20.jar
MD5: b6d93046e20136bfca140d4f68cd9c8a
SHA1: 4b42686cc172c2dc68014ae62800ba49cef1fc68
SHA256:7757201614b4014c0992d981b6327a7fa0bc86b6dc07b47a75389633506583aa
Referenced In Project/Scope: Login2 SSO Project:compile
jetty-server-11.0.20.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

CVE-2024-8184  

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-6763  

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.

The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
CWE-1286 Improper Validation of Syntactic Correctness of Input, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

kotlin-stdlib-1.9.23.jar

Description:

Kotlin Standard Library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.9.23/kotlin-stdlib-1.9.23.jar
MD5: cb64a3d7f5b6f2ac37fe1532a3c1b2ef
SHA1: dbaadea1f5e68f790d242a91a38355a83ec38747
SHA256:8910cc238807d86ef550cb1f0b10dd5ed40b35a4ec1a52525f760aede84ead37
Referenced In Project/Scope: Login2 SSO Project:compile
kotlin-stdlib-1.9.23.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

log4j-core-2.24.3.jar

Description:

A versatile, industrial-grade, and reference implementation of the Log4j API.
It bundles a rich set of components to assist various use cases:
Appenders targeting files, network sockets, databases, SMTP servers;
Layouts that can render CSV, HTML, JSON, Syslog, etc. formatted outputs;
Filters that can be configured using log event rates, regular expressions, scripts, time, etc.
It contains several extension points to introduce custom components, if needed.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.24.3/log4j-core-2.24.3.jar
MD5: 3f52ab7782fdd1349bd872b5dcf48bed
SHA1: 7f6a261243ca767c7f38fd4b542bcde626c8894e
SHA256:7eb4084596ae25bd3c61698e48e8d0ab65a9260758884ed5cbb9c6e55c44a56a
Referenced In Project/Scope: Login2 SSO Project:runtime
log4j-core-2.24.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.23.1

Identifiers

log4j-slf4j2-impl-2.23.1.jar

Description:

The Apache Log4j SLF4J 2.0 API binding to Log4j 2 Core

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/apache/logging/log4j/log4j-slf4j2-impl/2.23.1/log4j-slf4j2-impl-2.23.1.jar
MD5: 62d4accc4524bc50ae07bff09dbebf24
SHA1: c3ffee33404c3a178f026fd8c7ef0e058b01b01c
SHA256:fcc0f68d71152112ce7ca9bf2388dc6d735beee9b699da230a94deef7f4c81c8
Referenced In Project/Scope: Login2 SSO Project:compile
log4j-slf4j2-impl-2.23.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

lombok-1.18.34.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /var/lib/jenkins/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar
MD5: 91ce91dbfa7694bff4ddc1e51643f8b2
SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14
SHA256:c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a
Referenced In Project/Scope: Login2 SSO Project:provided
lombok-1.18.34.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar

File Path: /var/lib/jenkins/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: e5552f93605e20eb4039662ee38ee41a
SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d
SHA256:7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d
Referenced In Project/Scope: Login2 SSO Project:provided

Identifiers

  • None

main.js

File Path: /var/lib/jenkins/workspace/Login2/src/main/resources/resources/public/js/main.js
MD5: 7b0868df8995fd9342c944115c3f0611
SHA1: 9d74ee83b70d1a5b12c5f2e8eba529f1d74d94c6
SHA256:8247f36afe124d7b35237f3ac0109896c10a656fa6ffffe6067b24a53e137611
Referenced In Project/Scope: Login2 SSO Project

Identifiers

  • None

ognl-3.3.4.jar

Description:

OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/ognl/ognl/3.3.4/ognl-3.3.4.jar
MD5: 1893dad14f3e7ddd95d211e1d3ca1a0f
SHA1: 1904789bdd96f226ad252a02f230be1015f4462b
SHA256:47fdd450407ff09b57df02f466f9b4c7d32818962d65f9d98e445c8b4d047603
Referenced In Project/Scope: Login2 SSO Project:compile
ognl-3.3.4.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.thymeleaf/thymeleaf@3.1.2.RELEASE

Identifiers

passay-1.6.4.jar

Description:

Library for checking that a password complies with a custom set of rules

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/passay/passay/1.6.4/passay-1.6.4.jar
MD5: c93f0aa06cecc9052475c507323801c4
SHA1: 527e998bc625b5853260b7058c1ed36098b7c7fd
SHA256:25addc3be29e488f824f0c04d2cb89bc146ae6bfbf9ab11ebca0515945875d48
Referenced In Project/Scope: Login2 SSO Project:compile
passay-1.6.4.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

scrypt-1.4.0.jar

Description:

Java implementation of scrypt

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/com/lambdaworks/scrypt/1.4.0/scrypt-1.4.0.jar
MD5: 7bf2cf8c7b88f715e68ebf6afaa0ca58
SHA1: 906506b74f30c8c20bccd9ed4a11112d8941fe87
SHA256:9a82d218099fb14c10c0e86e7eefeebd8c104de920acdc47b8b4b7a686fb73b4
Referenced In Project/Scope: Login2 SSO Project:compile
scrypt-1.4.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

sender.js

File Path: /var/lib/jenkins/workspace/Login2/src/main/resources/resources/public/js/sender.js
MD5: a2b920f0c1253b1b3940c6f742abdedb
SHA1: b1b8d0dbdd16d4b7091e62aabfd6e8dc685bbdb6
SHA256:aff255bd9f5f8031fd29f0598cf628ee11b848a5bfa0839569d35382126cad3a
Referenced In Project/Scope: Login2 SSO Project

Identifiers

  • None

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /var/lib/jenkins/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: Login2 SSO Project:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

thymeleaf-3.1.2.RELEASE.jar

File Path: /var/lib/jenkins/.m2/repository/org/thymeleaf/thymeleaf/3.1.2.RELEASE/thymeleaf-3.1.2.RELEASE.jar
MD5: 4a9b2210cb35b43fb0b8499e17b9c880
SHA1: 273997509a4c7aef86cee0521750140c587d9be2
SHA256:2b3a714be2de349ccb60c65603ae5e8bd7060c7a4f8833485707671e9a862a24
Referenced In Project/Scope: Login2 SSO Project:compile
thymeleaf-3.1.2.RELEASE.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

thymeleaf-extras-java8time-3.0.4.RELEASE.jar

Description:

Modern server-side Java template engine for both web and standalone environments

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/thymeleaf/extras/thymeleaf-extras-java8time/3.0.4.RELEASE/thymeleaf-extras-java8time-3.0.4.RELEASE.jar
MD5: 01420fcda7481663f967836c440f9bc5
SHA1: 36e7175ddce36c486fff4578b5af7bb32f54f5df
SHA256:c07690c764329afd148a4134980d636911390a3fda45f6c6ae46517e4b4444d3
Referenced In Project/Scope: Login2 SSO Project:compile
thymeleaf-extras-java8time-3.0.4.RELEASE.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

txw2-4.0.2.jar

Description:

TXW is a library that allows you to write XML documents.

File Path: /var/lib/jenkins/.m2/repository/org/glassfish/jaxb/txw2/4.0.2/txw2-4.0.2.jar
MD5: d6f9cea932f006bad4ac3fd48dc8c799
SHA1: 24e167be69c29ebb7ee0a3b1f9b546f1dfd111fc
SHA256:ea71912e4f0a42530f77c9840ae90019c46402dedfdf007cff03797429a0cf0c
Referenced In Project/Scope: Login2 SSO Project:runtime
txw2-4.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.hibernate.orm/hibernate-core@6.6.0.Final

Identifiers

unbescape-1.1.6.RELEASE.jar

Description:

Advanced yet easy-to-use escape/unescape library for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/lib/jenkins/.m2/repository/org/unbescape/unbescape/1.1.6.RELEASE/unbescape-1.1.6.RELEASE.jar
MD5: d95ed94e1624e307a1958ee105ccbf39
SHA1: 7b90360afb2b860e09e8347112800d12c12b2a13
SHA256:597cf87d5b1a4f385b9d1cec974b7b483abb3ee85fc5b3f8b62af8e4bec95c2c
Referenced In Project/Scope: Login2 SSO Project:compile
unbescape-1.1.6.RELEASE.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.thymeleaf/thymeleaf@3.1.2.RELEASE

Identifiers

webjars-locator-core-0.59.jar

Description:

WebJar Locator Core functionality

License:

MIT: https://github.com/webjars/webjars-locator-core/blob/master/LICENSE.md
File Path: /var/lib/jenkins/.m2/repository/org/webjars/webjars-locator-core/0.59/webjars-locator-core-0.59.jar
MD5: 3138e5b870eddc24595a2c658fa1d648
SHA1: a25e04cb0437d88eb177af1dface14edcd0cd767
SHA256:86e89c3504205ecfbc169cffcbc220bb2f4a68077acc5a95692d1129bf0e53fb
Referenced In Project/Scope: Login2 SSO Project:compile
webjars-locator-core-0.59.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

websocket-core-server-11.0.20.jar

Description:

Jetty module for Jetty :: Websocket :: Core :: Server

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/jetty/websocket/websocket-core-server/11.0.20/websocket-core-server-11.0.20.jar
MD5: 7fc2bbe5d0f49ec2caae91cb79c4839b
SHA1: e36ce1405f083a4aef306af965389716bbc4565f
SHA256:abd18764b2c679fd18f0ee4a0cb0b486bb9abecde29a0b904e5c6ae91f59558d
Referenced In Project/Scope: Login2 SSO Project:compile
websocket-core-server-11.0.20.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

CVE-2024-8184  

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-6763  

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.

The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
CWE-1286 Improper Validation of Syntactic Correctness of Input, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

websocket-jetty-server-11.0.20.jar

Description:

Jetty Websocket Server

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/lib/jenkins/.m2/repository/org/eclipse/jetty/websocket/websocket-jetty-server/11.0.20/websocket-jetty-server-11.0.20.jar
MD5: b52cbb4e3267f0efef35342a368a8873
SHA1: db8c847c95d5b4bf88def60f6b59059ae39195bb
SHA256:490d7f5bccd05b097c5554e8cbc17287670df870630f6f07e247a392cce9eb75
Referenced In Project/Scope: Login2 SSO Project:compile
websocket-jetty-server-11.0.20.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/io.javalin/javalin@6.1.6

Identifiers

CVE-2024-8184  

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-6763  

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.

The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
CWE-1286 Improper Validation of Syntactic Correctness of Input, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

weld-api-5.0.SP3.jar

Description:

Weld specific extensions to the CDI API

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/weld-api/5.0.SP3/weld-api-5.0.SP3.jar
MD5: abd5bcee9d149e33bf50a94aadc8c212
SHA1: d912a98b3753c170efdb929b21a0b34f535063e9
SHA256:a9700024cf13c4c00e6967517db71fe97542d56a8f493498c4873ca96782417c
Referenced In Project/Scope: Login2 SSO Project:compile
weld-api-5.0.SP3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

weld-core-impl-5.1.2.Final.jar

Description:

Weld's implementation of CDI

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/weld-core-impl/5.1.2.Final/weld-core-impl-5.1.2.Final.jar
MD5: 12e2500ea81369c77a08d4267081b137
SHA1: de67df376572677be4a7e3316bf922f714bd493f
SHA256:bacbdb887b2cc9223f625e966554dd8ac5dac2fa4bdad89e9fbdfc0f8af9095d
Referenced In Project/Scope: Login2 SSO Project:compile
weld-core-impl-5.1.2.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

weld-environment-common-5.1.2.Final.jar

Description:

Common tools for non-standard Weld environments (SE, Servlet containers)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/environment/weld-environment-common/5.1.2.Final/weld-environment-common-5.1.2.Final.jar
MD5: 8f0439f88caf166f9e57827276cba32b
SHA1: 9f68111322c7627261ee89525e81cf7bf8488aae
SHA256:89ed7263a81dfaf1737d8cc9d2bbc4fde057966ae055103b1a69efe93d40885a
Referenced In Project/Scope: Login2 SSO Project:compile
weld-environment-common-5.1.2.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

weld-lite-extension-translator-5.1.2.Final.jar

File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/weld-lite-extension-translator/5.1.2.Final/weld-lite-extension-translator-5.1.2.Final.jar
MD5: b9b8f4aeea6cbf78cb3bace90c6b21bc
SHA1: 706be38a497306b0878c1cf30e0bf643066f4971
SHA256:a3e1236b17f0dd250a406ad34e0649da6246faedafe940cc6531b0ad93e6e2e5
Referenced In Project/Scope: Login2 SSO Project:compile
weld-lite-extension-translator-5.1.2.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

weld-se-core-5.1.2.Final.jar

Description:

Weld support for Java SE

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/se/weld-se-core/5.1.2.Final/weld-se-core-5.1.2.Final.jar
MD5: 0ec449dfc4c6a902f5119ba71ceb4ec9
SHA1: 17834ef49ec6d975fc4898c65187605a7d6e7cd3
SHA256:accf6e204d289d12bd43c2734bd32a101066bf12127d965234aa6764ff95348c
Referenced In Project/Scope: Login2 SSO Project:compile
weld-se-core-5.1.2.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers

weld-spi-5.0.SP3.jar

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/lib/jenkins/.m2/repository/org/jboss/weld/weld-spi/5.0.SP3/weld-spi-5.0.SP3.jar
MD5: a42ada46d447dce78c0b7b282ffb903b
SHA1: e24b5f540396d389849088e7c29c5cf6c345bdf7
SHA256:31a94fddbcb11be2279546c5ff812fc29e407af72d49e6723df74f00409f8c72
Referenced In Project/Scope: Login2 SSO Project:compile
weld-spi-5.0.SP3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss.weld.se/weld-se-core@5.1.2.Final

Identifiers

zxcvbn-1.9.0.jar

Description:

This is a Java port of zxcvbn, which is a JavaScript password strength generator.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/lib/jenkins/.m2/repository/com/nulab-inc/zxcvbn/1.9.0/zxcvbn-1.9.0.jar
MD5: c049283df99508f4a3fec73f52ceea7b
SHA1: 47e0b80099d6109ef199072aaab326325aca5e44
SHA256:38efaebab09144eb1f4d4c9ff650e79df875a8d6c4539c105b079a606bb7db34
Referenced In Project/Scope: Login2 SSO Project:compile
zxcvbn-1.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.flasby.login/login2@1.0-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the GitHub Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.