Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 7.4.1Report Generated On : Fri, 16 Dec 2022 16:41:33 +0100Dependencies Scanned : 30 (25 unique)Vulnerable Dependencies : 2 Vulnerabilities Found : 2Vulnerabilities Suppressed : 3... NVD CVE Checked : 2022-12-16T15:27:25NVD CVE Modified : 2022-12-16T14:00:03VersionCheckOn : 2022-12-16T15:27:33Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/jetbrains/annotations/23.0.0/annotations-23.0.0.jar
MD5: 8484cd17d040d837983323f760b2c660
SHA1: 8cc20c07506ec18e0834947b84a864bfc094484e
SHA256: 7b0f19724082cbfcbc66e5abea2b9bc92cf08a1ea11e191933ed43801eb3cd05
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotations Highest Vendor jar package name jetbrains Highest Vendor Manifest multi-release true Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name JetBrains Java Annotations High Vendor pom url JetBrains/java-annotations Highest Product file name annotations High Product jar package name annotations Highest Product jar package name jetbrains Highest Product Manifest multi-release true Low Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name JetBrains Java Annotations High Product pom url JetBrains/java-annotations High Version file version 23.0.0 High Version pom version 23.0.0 Highest
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Product Manifest Implementation-Title Apache Commons Codec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-codec/ Medium Version file version 1.10 High Version Manifest Implementation-Version 1.10 High Version pom parent-version 1.10 Low Version pom version 1.10 Highest
Description:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor jar package name apache Highest Vendor jar package name collections Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product file name commons-collections High Product jar package name apache Highest Product jar package name collections Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom parent-version 3.2.2 Low Version pom version 3.2.2 Highest
Description:
H2 Database Engine License:
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php File Path: /Users/konradwindszus/.m2/repository/com/h2database/h2/2.1.212/h2-2.1.212.jar
MD5: 7c75f03eead676ec375981653b380d5d
SHA1: f3187885395bd0c0e0e83f96641bb630f368ee2f
SHA256: db9284c6ff9bf3bc0087851edbd34563f1180df3ae87c67c5fe2203c0e67a536
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name h2 High Vendor jar package name database Highest Vendor jar package name engine Highest Vendor jar package name h2 Highest Vendor Manifest automatic-module-name com.h2database Medium Vendor Manifest bundle-category jdbc Low Vendor Manifest bundle-symbolicname com.h2database Medium Vendor Manifest implementation-url https://h2database.com Low Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low Vendor pom artifactid h2 Highest Vendor pom artifactid h2 Low Vendor pom developer email thomas.tom.mueller at gmail dot com Low Vendor pom developer id thomas.tom.mueller Medium Vendor pom developer name Thomas Mueller Medium Vendor pom groupid com.h2database Highest Vendor pom name H2 Database Engine High Vendor pom url https://h2database.com Highest Product file name h2 High Product jar package name database Highest Product jar package name engine Highest Product jar package name h2 Highest Product jar package name jdbc Highest Product jar package name org Highest Product jar package name service Highest Product Manifest automatic-module-name com.h2database Medium Product Manifest bundle-category jdbc Low Product Manifest Bundle-Name H2 Database Engine Medium Product Manifest bundle-symbolicname com.h2database Medium Product Manifest Implementation-Title H2 Database Engine High Product Manifest implementation-url https://h2database.com Low Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low Product pom artifactid h2 Highest Product pom developer email thomas.tom.mueller at gmail dot com Low Product pom developer id thomas.tom.mueller Low Product pom developer name Thomas Mueller Low Product pom groupid com.h2database Highest Product pom name H2 Database Engine High Product pom url https://h2database.com Medium Version file version 2.1.212 High Version Manifest Bundle-Version 2.1.212 High Version Manifest Implementation-Version 2.1.212 High Version pom version 2.1.212 Highest
CVE-2022-45868 suppress
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." CWE-312 Cleartext Storage of Sensitive Information
CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
File Path: /Users/konradwindszus/.m2/repository/com/h2database/h2/2.1.212/h2-2.1.212.jar/org/h2/util/data.zip/org/h2/server/web/res/table.jsMD5: 1c37e9e03787c821410ce684efa8feb7SHA1: 3377bc4afb4fa0aeaa4fff9098ebb4446fa5be99SHA256: 07e1b3fc6feb8a8713b6659fc047cd9177d85b22f4bb0fa857be1c81786db701Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence
File Path: /Users/konradwindszus/.m2/repository/com/h2database/h2/2.1.212/h2-2.1.212.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.jsMD5: 4303428a5a49c1ae6c87a5dde9b4c9c3SHA1: 9bca06117ddee5657dbe89eea197372128fe56e9SHA256: 1d5c4ba3b1a5dfcfe250fba716b55a9a7d0ffe624fc480713ff782c4d671836fReferenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /Users/konradwindszus/.m2/repository/org/apache/httpcomponents/httpcore/4.4.15/httpcore-4.4.15.jarMD5: be7c67929df007fcac6c8eff5322d3a0SHA1: 7f2e0c573eaa7a74bac2e89b359e1f73d92a0a1dSHA256: 3cbaed088c499a10f96dde58f39dc0e7985171abd88138ca1655a872011bb142Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2021-12-03 08:31:58+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2021-12-03 08:31:58+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.15 High Version Manifest Implementation-Version 4.4.15 High Version pom version 4.4.15 Highest
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /Users/konradwindszus/.m2/repository/org/apache/httpcomponents/httpmime/4.5.8/httpmime-4.5.8.jarMD5: 19302e1a687081659f576fa029c48f66SHA1: f5bd81aa5b2d091398199e6ee234bf7094889f1dSHA256: 6605f21f081581d558cfecd6c48f2cbc6ae09a0839f208c622b2bea66b1fc4d0Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name httpmime High Vendor jar package name apache Highest Vendor jar package name mime Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpmime Highest Vendor pom artifactid httpmime Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Mime High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpmime High Product jar package name apache Highest Product jar package name http Highest Product jar package name mime Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product Manifest Implementation-Title Apache HttpClient Mime High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Mime Medium Product pom artifactid httpmime Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.8 High Version Manifest Implementation-Version 4.5.8 High Version pom version 4.5.8 Highest
Description:
The Apache Jackrabbit™ content repository is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170 and 283). A content repository is a hierarchical content store with support for structured and unstructured content, full text search, versioning, transactions, observation, and more. Apache Jackrabbit is a project of the Apache Software Foundation. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-spi/2.20.7/jackrabbit-spi-2.20.7.jar
MD5: abe6aa9d35083ba78f2d29e32d483a75
SHA1: f9ed8807f09966361494f35a94377944d1fe2aaa
SHA256: e1e3cf0a075f7efcde4053cff64322bcc8d0cc25fe570ba194806705c0196f12
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name jackrabbit-spi High Vendor jar package name apache Highest Vendor jar package name jackrabbit Highest Vendor jar package name spi Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org Low Vendor Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-spi Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jackrabbit-spi Highest Vendor pom artifactid jackrabbit-spi Low Vendor pom groupid org.apache.jackrabbit Highest Vendor pom name Jackrabbit SPI High Vendor pom parent-artifactid jackrabbit-parent Low Product file name jackrabbit-spi High Product jar package name apache Highest Product jar package name jackrabbit Highest Product jar package name spi Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://jackrabbit.apache.org Low Product Manifest Bundle-Name Jackrabbit SPI Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-spi Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jackrabbit-spi Highest Product pom groupid org.apache.jackrabbit Highest Product pom name Jackrabbit SPI High Product pom parent-artifactid jackrabbit-parent Medium Version file version 2.20.7 High Version Manifest Bundle-Version 2.20.7 High Version pom version 2.20.7 Highest
Related Dependencies jackrabbit-jcr-commons-2.20.7.jarFile Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-jcr-commons/2.20.7/jackrabbit-jcr-commons-2.20.7.jar MD5: 85dfe63d666633c9ae2a79473c34ad46 SHA1: 2a90ed4f8fd7b9df9e9006b6066b6f5ad49555cc SHA256: 7319ee71b6aeed17d239063275a8e70d27c41bc064b9c5e1f6322f3a7245c977 pkg:maven/org.apache.jackrabbit/jackrabbit-jcr-commons@2.20.7 jackrabbit-jcr2spi-2.20.7.jarFile Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-jcr2spi/2.20.7/jackrabbit-jcr2spi-2.20.7.jar MD5: bad230965c4adf1b45e40d444fd3f3de SHA1: 2d702a216282005b38225347954c40d2f72288b4 SHA256: 696d4edbfda51b3d883e0fa0412c72175122011b52b66ec8b460634f06c32080 pkg:maven/org.apache.jackrabbit/jackrabbit-jcr2spi@2.20.7 jackrabbit-spi-commons-2.20.7.jarFile Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-spi-commons/2.20.7/jackrabbit-spi-commons-2.20.7.jar MD5: 6664619cc27dafe259ab2a12f0bff01d SHA1: 198da17e96d4553277b304d90cf821fa1b036823 SHA256: f8dd60b3db8e07381857cf20104ec97b399c2acc5194329a15b0b8f930597d58 pkg:maven/org.apache.jackrabbit/jackrabbit-spi-commons@2.20.7 jackrabbit-spi2dav-2.20.7.jarFile Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-spi2dav/2.20.7/jackrabbit-spi2dav-2.20.7.jar MD5: 1d47a58d18e97234a4fbc72f8e0e442b SHA1: c40c571477e50e985d927f93d948e531e2929304 SHA256: 100c8c0c6685d8fc5946eec1e29db87ba887c5f51e3ec7885ef8f5e76bfa6d26 pkg:maven/org.apache.jackrabbit/jackrabbit-spi2dav@2.20.7 jackrabbit-webdav-2.20.7.jarFile Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/2.20.7/jackrabbit-webdav-2.20.7.jar MD5: 497c24834ca0197ec22998731f12fbcf SHA1: 09dab081c4ce070fb97a9332b9a8344d9d508127 SHA256: 999698e03c83529602ff61c56b72731d6b6f98a3fd4fc4c8f187501c8de02d4c pkg:maven/org.apache.jackrabbit/jackrabbit-webdav@2.20.7 Description:
JCL 1.2 implemented over SLF4J License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.36/jcl-over-slf4j-1.7.36.jar
MD5: 8065610cde33ed9fd5d34367912c1938
SHA1: d877e195a05aca4a2f1ad2ff14bfec1393af4b5e
SHA256: ab57ca8fd223772c17365d121f59e94ecbf0ae59d08c03a3cb5b81071c019195
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name jcl-over-slf4j High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest automatic-module-name org.apache.commons.logging Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor pom artifactid jcl-over-slf4j Highest Vendor pom artifactid jcl-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JCL 1.2 implemented over SLF4J High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jcl-over-slf4j High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest automatic-module-name org.apache.commons.logging Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name jcl-over-slf4j Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product Manifest Implementation-Title jcl-over-slf4j High Product pom artifactid jcl-over-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JCL 1.2 implemented over SLF4J High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
Description:
The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
This module contains the complete API as specified.
License:
Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt File Path: /Users/konradwindszus/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256: cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name jcr High Vendor jar package name javax Highest Vendor jar package name jcr Highest Vendor jar package name repository Highest Vendor jar package name version Highest Vendor Manifest bundle-category jcr Low Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Vendor Manifest bundle-symbolicname javax.jcr Medium Vendor pom artifactid jcr Highest Vendor pom artifactid jcr Low Vendor pom groupid javax.jcr Highest Vendor pom name Content Repository for JavaTM Technology API High Vendor pom organization name Day Software High Vendor pom organization url http://www.day.com Medium Vendor pom url http://www.jcp.org/en/jsr/detail?id=283 Highest Product file name jcr High Product jar package name javax Highest Product jar package name jcr Highest Product jar package name repository Highest Product jar package name version Highest Product Manifest bundle-category jcr Low Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Product Manifest Bundle-Name Content Repository for JavaTM Technology API Medium Product Manifest bundle-symbolicname javax.jcr Medium Product pom artifactid jcr Highest Product pom groupid javax.jcr Highest Product pom name Content Repository for JavaTM Technology API High Product pom organization name Day Software Low Product pom organization url http://www.day.com Low Product pom url http://www.jcp.org/en/jsr/detail?id=283 Medium Version file version 2.0 High Version Manifest Bundle-Version 2.0 High Version pom version 2.0 Highest
File Path: /Users/konradwindszus/.m2/repository/org/apache/maven/maven-artifact/3.8.4/maven-artifact-3.8.4.jarMD5: 12fcb750af57b284313d2a356e7de928SHA1: 6dba6d03ac7abd8b895595b0ee7000ce35c3d421SHA256: 4273b4e84805f7350eb61a1eea5debfd71d1147414b3b441b92d535218cdf0aeReferenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name maven-artifact High Vendor jar package name apache Highest Vendor jar package name artifact Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-artifact Highest Vendor pom artifactid maven-artifact Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Artifact High Vendor pom parent-artifactid maven Low Product file name maven-artifact High Product jar package name apache Highest Product jar package name artifact Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Artifact High Product Manifest specification-title Maven Artifact Medium Product pom artifactid maven-artifact Highest Product pom groupid org.apache.maven Highest Product pom name Maven Artifact High Product pom parent-artifactid maven Medium Version file version 3.8.4 High Version Manifest Implementation-Version 3.8.4 High Version pom version 3.8.4 Highest
Description:
The goal of the Oak effort within the Apache Jackrabbit project is to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/oak-jackrabbit-api/1.44.0/oak-jackrabbit-api-1.44.0.jar
MD5: a348e08e831ad1840bb07d6ca48ed9a2
SHA1: f6a871d253a33d20c75c52c03b53c898a07281b0
SHA256: 87f0f55407ebc65dbda063dca29635fa555461fb7523cc94ed76a8e4439be1da
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name oak-jackrabbit-api High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name jackrabbit Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-category oak Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org/oak/ Low Vendor Manifest bundle-symbolicname org.apache.jackrabbit.oak-jackrabbit-api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid oak-jackrabbit-api Highest Vendor pom artifactid oak-jackrabbit-api Low Vendor pom groupid org.apache.jackrabbit Highest Vendor pom name Jackrabbit API High Vendor pom parent-artifactid oak-parent Low Product file name oak-jackrabbit-api High Product jar package name apache Highest Product jar package name api Highest Product jar package name jackrabbit Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-category oak Low Product Manifest bundle-docurl http://jackrabbit.apache.org/oak/ Low Product Manifest Bundle-Name Jackrabbit API Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.oak-jackrabbit-api Medium Product Manifest Implementation-Title Jackrabbit API High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackrabbit API Medium Product pom artifactid oak-jackrabbit-api Highest Product pom groupid org.apache.jackrabbit Highest Product pom name Jackrabbit API High Product pom parent-artifactid oak-parent Medium Version file version 1.44.0 High Version Manifest Bundle-Version 1.44.0 High Version Manifest Implementation-Version 1.44.0 High Version pom version 1.44.0 Highest
Description:
This OSGi bundle provides the JCR packages as
well as a helper service interface to be implemented and
provided by repository providers.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/apache/sling/org.apache.sling.jcr.api/2.0.4/org.apache.sling.jcr.api-2.0.4.jar
MD5: 8c4564154601f35e80c2032ec1403630
SHA1: 7e35a044abe3a76725b036b32640bfe1e0ceb476
SHA256: 995cd9ce4dd2e8d27f42666e1e31f47a4f8ef52452edd052cae74d8e41d85f69
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name org.apache.sling.jcr.api High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name jcr Highest Vendor jar package name sling Highest Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor Manifest bundle-symbolicname org.apache.sling.jcr.api Medium Vendor pom artifactid apache.sling.jcr.api Low Vendor pom artifactid org.apache.sling.jcr.api Highest Vendor pom groupid org.apache.sling Highest Vendor pom name Apache Sling Repository API Bundle High Vendor pom parent-artifactid sling Low Product file name org.apache.sling.jcr.api High Product jar package name apache Highest Product jar package name api Highest Product jar package name jcr Highest Product jar package name sling Highest Product Manifest bundle-docurl http://sling.apache.org Low Product Manifest Bundle-Name Apache Sling Repository API Bundle Medium Product Manifest bundle-symbolicname org.apache.sling.jcr.api Medium Product pom artifactid apache.sling.jcr.api Highest Product pom artifactid org.apache.sling.jcr.api Highest Product pom groupid org.apache.sling Highest Product pom name Apache Sling Repository API Bundle High Product pom parent-artifactid sling Medium Version file version 2.0.4 High Version Manifest Bundle-Version 2.0.4 High Version pom parent-version 2.0.4 Low Version pom version 2.0.4 Highest
Description:
OSGi Companion Code for org.osgi.annotation.versioning Version 1.1.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/konradwindszus/.m2/repository/org/osgi/org.osgi.annotation.versioning/1.1.0/org.osgi.annotation.versioning-1.1.0.jar
MD5: 9e7e55c1937b223e6d85d9376864bdb1
SHA1: f6954fdcee1f910599fcb304522f9168c3e9cd27
SHA256: ae98f705c2e624b262c02bcacb8b1f033349e82371ac8d41f2ffc242fde5766f
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name org.osgi.annotation.versioning High Vendor jar package name annotation Highest Vendor jar package name osgi Highest Vendor jar package name versioning Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.annotation.versioning Medium Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor Manifest require-capability osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid org.osgi.annotation.versioning Highest Vendor pom artifactid osgi.annotation.versioning Low Vendor pom developer email info@osgi.org Low Vendor pom developer id osgi Medium Vendor pom developer name OSGi Alliance Medium Vendor pom developer org OSGi Alliance Medium Vendor pom developer org URL https://www.osgi.org/ Medium Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.annotation.versioning High Vendor pom organization name OSGi Alliance High Vendor pom organization url https://www.osgi.org/ Medium Vendor pom url https://www.osgi.org/ Highest Product file name org.osgi.annotation.versioning High Product jar package name annotation Highest Product jar package name osgi Highest Product jar package name version Highest Product jar package name versioning Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product Manifest bundle-docurl https://www.osgi.org/ Low Product Manifest Bundle-Name org.osgi:org.osgi.annotation.versioning Medium Product Manifest bundle-symbolicname org.osgi.annotation.versioning Medium Product Manifest git-descriptor hudson-build.core-1432 Low Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product Manifest require-capability osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid org.osgi.annotation.versioning Highest Product pom artifactid osgi.annotation.versioning Highest Product pom developer email info@osgi.org Low Product pom developer id osgi Low Product pom developer name OSGi Alliance Low Product pom developer org OSGi Alliance Low Product pom developer org URL https://www.osgi.org/ Low Product pom groupid org.osgi Highest Product pom name org.osgi:org.osgi.annotation.versioning High Product pom organization name OSGi Alliance Low Product pom organization url https://www.osgi.org/ Low Product pom url https://www.osgi.org/ Medium Version file version 1.1.0 High Version pom version 1.1.0 Highest
Description:
OSGi Companion Code for org.osgi.framework Version 1.8.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /Users/konradwindszus/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256: ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name org.osgi.framework High Vendor jar package name framework Highest Vendor jar package name osgi Highest Vendor jar package name version Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.framework Medium Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid org.osgi.framework Highest Vendor pom artifactid osgi.framework Low Vendor pom developer email info@osgi.org Low Vendor pom developer id osgi Medium Vendor pom developer name OSGi Alliance Medium Vendor pom developer org OSGi Alliance Medium Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.framework High Vendor pom organization name OSGi Alliance High Vendor pom organization url http://www.osgi.org/ Medium Vendor pom url http://www.osgi.org/ Highest Product file name org.osgi.framework High Product jar package name filter Highest Product jar package name framework Highest Product jar package name osgi Highest Product jar package name version Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product Manifest bundle-docurl http://www.osgi.org/ Low Product Manifest Bundle-Name org.osgi:org.osgi.framework Medium Product Manifest bundle-symbolicname org.osgi.framework Medium Product Manifest git-descriptor hudson-build.cmpn-793 Low Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid org.osgi.framework Highest Product pom artifactid osgi.framework Highest Product pom developer email info@osgi.org Low Product pom developer id osgi Low Product pom developer name OSGi Alliance Low Product pom developer org OSGi Alliance Low Product pom groupid org.osgi Highest Product pom name org.osgi:org.osgi.framework High Product pom organization name OSGi Alliance Low Product pom organization url http://www.osgi.org/ Low Product pom url http://www.osgi.org/ Medium Version file version 1.8.0 High Version pom version 1.8.0 Highest
Description:
OSGi Companion Code for org.osgi.service.component.annotations Version 1.4.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/konradwindszus/.m2/repository/org/osgi/org.osgi.service.component.annotations/1.4.0/org.osgi.service.component.annotations-1.4.0.jar
MD5: a31371407b1a038f85058a497ad67ab9
SHA1: 18380195e7e657494471cf4cabcafb762f63c9a8
SHA256: 8de7c6753f00edc81df24059dcd2efd67fedcd9b020bbcc6aaa170f4a34c010c
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name org.osgi.service.component.annotations High Vendor jar package name annotations Highest Vendor jar package name component Highest Vendor jar package name osgi Highest Vendor jar package name service Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.service.component.annotations Medium Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor Manifest require-capability osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid org.osgi.service.component.annotations Highest Vendor pom artifactid osgi.service.component.annotations Low Vendor pom developer email info@osgi.org Low Vendor pom developer id osgi Medium Vendor pom developer name OSGi Alliance Medium Vendor pom developer org OSGi Alliance Medium Vendor pom developer org URL https://www.osgi.org/ Medium Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.service.component.annotations High Vendor pom organization name OSGi Alliance High Vendor pom organization url https://www.osgi.org/ Medium Vendor pom url https://www.osgi.org/ Highest Product file name org.osgi.service.component.annotations High Product jar package name annotations Highest Product jar package name component Highest Product jar package name osgi Highest Product jar package name service Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product Manifest bundle-docurl https://www.osgi.org/ Low Product Manifest Bundle-Name org.osgi:org.osgi.service.component.annotations Medium Product Manifest bundle-symbolicname org.osgi.service.component.annotations Medium Product Manifest git-descriptor hudson-build.core-1432 Low Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product Manifest require-capability osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid org.osgi.service.component.annotations Highest Product pom artifactid osgi.service.component.annotations Highest Product pom developer email info@osgi.org Low Product pom developer id osgi Low Product pom developer name OSGi Alliance Low Product pom developer org OSGi Alliance Low Product pom developer org URL https://www.osgi.org/ Low Product pom groupid org.osgi Highest Product pom name org.osgi:org.osgi.service.component.annotations High Product pom organization name OSGi Alliance Low Product pom organization url https://www.osgi.org/ Low Product pom url https://www.osgi.org/ Medium Version file version 1.4.0 High Version pom version 1.4.0 Highest
Description:
OSGi Companion Code for org.osgi.service.metatype.annotations Version 1.3.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /Users/konradwindszus/.m2/repository/org/osgi/org.osgi.service.metatype.annotations/1.3.0/org.osgi.service.metatype.annotations-1.3.0.jar
MD5: 24ea8f241e59463a4f28bcdd6aec9bfe
SHA1: 793a335fb4d18190a2e7a89614001c65853c91c5
SHA256: 8c3b9a54751849d9cc6cbdddf1afe82c86ef6e64f02dfbd30e9859962e446f05
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name org.osgi.service.metatype.annotations High Vendor jar package name annotations Highest Vendor jar package name metatype Highest Vendor jar package name osgi Highest Vendor jar package name service Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.service.metatype.annotations Medium Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor Manifest require-capability osgi.compile.time.only;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid org.osgi.service.metatype.annotations Highest Vendor pom artifactid osgi.service.metatype.annotations Low Vendor pom developer email info@osgi.org Low Vendor pom developer id osgi Medium Vendor pom developer name OSGi Alliance Medium Vendor pom developer org OSGi Alliance Medium Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.service.metatype.annotations High Vendor pom organization name OSGi Alliance High Vendor pom organization url http://www.osgi.org/ Medium Vendor pom url http://www.osgi.org/ Highest Product file name org.osgi.service.metatype.annotations High Product jar package name annotations Highest Product jar package name metatype Highest Product jar package name osgi Highest Product jar package name service Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product Manifest bundle-docurl http://www.osgi.org/ Low Product Manifest Bundle-Name org.osgi:org.osgi.service.metatype.annotations Medium Product Manifest bundle-symbolicname org.osgi.service.metatype.annotations Medium Product Manifest git-descriptor hudson-build.cmpn-793 Low Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product Manifest require-capability osgi.compile.time.only;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid org.osgi.service.metatype.annotations Highest Product pom artifactid osgi.service.metatype.annotations Highest Product pom developer email info@osgi.org Low Product pom developer id osgi Low Product pom developer name OSGi Alliance Low Product pom developer org OSGi Alliance Low Product pom groupid org.osgi Highest Product pom name org.osgi:org.osgi.service.metatype.annotations High Product pom organization name OSGi Alliance Low Product pom organization url http://www.osgi.org/ Low Product pom url http://www.osgi.org/ Medium Version file version 1.3.0 High Version pom version 1.3.0 Highest
Description:
The bndrun files and the used bundles for resolving all FileVault bundles in the minimum support OSGi container File Path: /Users/konradwindszus/git/jackrabbit/filevault/target-osgi-environment/pom.xmlMD5: e3ea0d58517008a0433da44500ba3758SHA1: 50ccc710bab02f708ca8eb9dae94c408dbea202dSHA256: f4786707f095e7eb7fb3cd11ea2b11cbf1bae45409dbf03bb7047cdef11fa510
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor pom artifactid apache.jackrabbit.vault.target-osgi-environment Low Vendor pom groupid org.apache.jackrabbit.vault Highest Vendor pom name Apache Jackrabbit FileVault Target OSGi Environment High Vendor pom parent-artifactid parent Low Product file name pom High Product pom artifactid apache.jackrabbit.vault.target-osgi-environment Highest Product pom groupid org.apache.jackrabbit.vault Highest Product pom name Apache Jackrabbit FileVault Target OSGi Environment High Product pom parent-artifactid parent Medium Version pom version 3.6.7-SNAPSHOT Highest
Description:
The slf4j API File Path: /Users/konradwindszus/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aSHA256: 18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.25 High Version Manifest Bundle-Version 1.7.25 High Version Manifest Implementation-Version 1.7.25 High Version pom version 1.7.25 Highest
Description:
tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /Users/konradwindszus/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256: badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name stax2-api High Vendor jar package name codehaus Highest Vendor jar package name stax2 Highest Vendor jar package name typed Highest Vendor jar package name validation Highest Vendor Manifest automatic-module-name org.codehaus.stax2 Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Vendor Manifest bundle-symbolicname stax2-api Medium Vendor Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor Manifest Implementation-Vendor-Id org.codehaus.woodstox Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid stax2-api Highest Vendor pom artifactid stax2-api Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id tatu Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Stax2 API High Vendor pom organization name fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom url http://github.com/FasterXML/stax2-api Highest Product file name stax2-api High Product jar package name codehaus Highest Product jar package name osgi Highest Product jar package name stax2 Highest Product jar package name typed Highest Product jar package name validation Highest Product Manifest automatic-module-name org.codehaus.stax2 Medium Product Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Product Manifest Bundle-Name Stax2 API Medium Product Manifest bundle-symbolicname stax2-api Medium Product Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Product Manifest Implementation-Title Stax2 API High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Stax2 API Medium Product pom artifactid stax2-api Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id tatu Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.woodstox Highest Product pom name Stax2 API High Product pom organization name fasterxml.com Low Product pom organization url http://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom parent-groupid com.fasterxml Medium Product pom url http://github.com/FasterXML/stax2-api Medium Version file version 4.2 High Version Manifest Implementation-Version 4.2 High Version pom parent-version 4.2 Low Version pom version 4.2 Highest
Description:
TXW is a library that allows you to write XML documents.
File Path: /Users/konradwindszus/.m2/repository/org/glassfish/jaxb/txw2/2.3.2/txw2-2.3.2.jarMD5: 3f278f148c5d27dc608c25cb7d093b94SHA1: ce5be7da2e442c25ec14c766cb60cb802741727bSHA256: 4a6a9f483388d461b81aa9a28c685b8b74c0597993bf1884b04eddbca95f48feReferenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name txw Highest Vendor jar package name txw2 Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision ae93d95 Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid txw2 Highest Vendor pom artifactid txw2 Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Product file name txw2 High Product jar package name sun Highest Product jar package name txw Highest Product jar package name txw2 Highest Product jar package name xml Highest Product Manifest git-revision ae93d95 Low Product Manifest Implementation-Title TXW Runtime High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid txw2 Highest Product pom groupid org.glassfish.jaxb Highest Product pom name TXW2 Runtime High Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Version file version 2.3.2 High Version Manifest build-id 2.3.2 Medium Version Manifest Implementation-Version 2.3.2 High Version Manifest major-version 2.3.2 Medium Version pom version 2.3.2 Highest
Description:
Unknown version of isorelax library used in JAXB project File Path: /Users/konradwindszus/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xmlMD5: 6fbb4bc95fbf2072bc6e3b790553fe81SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13SHA256: cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid isorelax Low Vendor pom groupid com.sun.xml.bind.jaxb Highest Vendor pom name JAXB isorelax library High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product pom artifactid isorelax Highest Product pom groupid com.sun.xml.bind.jaxb Highest Product pom name JAXB isorelax library High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version pom parent-version 20090621 Low Version pom version 20090621 Highest
Description:
XML Schema datatypes library File Path: /Users/konradwindszus/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xmlMD5: aaf872ed9d1aabee25e03c2a132ffd8eSHA1: 47f218a999411ed028f089d59ebef8f14e0fe914SHA256: d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3cReferenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid xsdlib Low Vendor pom groupid net.java.dev.msv Highest Vendor pom name MSV XML Schema Library High Vendor pom parent-artifactid msv Low Product pom artifactid xsdlib Highest Product pom groupid net.java.dev.msv Highest Product pom name MSV XML Schema Library High Product pom parent-artifactid msv Medium Version pom version 2013.6.1 Highest
Description:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173), SAX2 and Stax2 APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar
MD5: 992e39013de489a1373f14b7e153f9da
SHA1: 989bb31963ed1758b95c7c4381a91592a9a8df61
SHA256: f250662a245570fdd49c6916c1c3cd3d6511a8e5cd0d7460e989844b1d66ed67
Referenced In Project/Scope: Apache Jackrabbit FileVault Core Bundle:provided
Evidence Type Source Name Value Confidence Vendor file name woodstox-core High Vendor jar package name stax Highest Vendor Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Vendor Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Vendor Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.woodstox Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid woodstox-core Highest Vendor pom artifactid woodstox-core Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid com.fasterxml.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom url FasterXML/woodstox Highest Product file name woodstox-core High Product jar package name osgi Highest Product jar package name stax Highest Product Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Product Manifest Bundle-Name Woodstox Medium Product Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Product Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Product Manifest Implementation-Title Woodstox High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Woodstox Medium Product pom artifactid woodstox-core Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid com.fasterxml.woodstox Highest Product pom name Woodstox High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom parent-groupid com.fasterxml Medium Product pom url FasterXML/woodstox High Version file version 6.1.1 High Version Manifest Bundle-Version 6.1.1 High Version Manifest Implementation-Version 6.1.1 High Version pom parent-version 6.1.1 Low Version pom version 6.1.1 Highest
CVE-2022-40152 (OSSINDEX)suppress
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.fasterxml.woodstox:woodstox-core:6.1.1:*:*:*:*:*:*:* Suppressed Vulnerabilities oak-jackrabbit-api-1.44.0.jar Description:
The goal of the Oak effort within the Apache Jackrabbit project is to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/apache/jackrabbit/oak-jackrabbit-api/1.44.0/oak-jackrabbit-api-1.44.0.jar
MD5: a348e08e831ad1840bb07d6ca48ed9a2
SHA1: f6a871d253a33d20c75c52c03b53c898a07281b0
SHA256: 87f0f55407ebc65dbda063dca29635fa555461fb7523cc94ed76a8e4439be1da
Evidence Type Source Name Value Confidence Vendor file name oak-jackrabbit-api High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name jackrabbit Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-category oak Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org/oak/ Low Vendor Manifest bundle-symbolicname org.apache.jackrabbit.oak-jackrabbit-api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid oak-jackrabbit-api Highest Vendor pom artifactid oak-jackrabbit-api Low Vendor pom groupid org.apache.jackrabbit Highest Vendor pom name Jackrabbit API High Vendor pom parent-artifactid oak-parent Low Product file name oak-jackrabbit-api High Product jar package name apache Highest Product jar package name api Highest Product jar package name jackrabbit Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-category oak Low Product Manifest bundle-docurl http://jackrabbit.apache.org/oak/ Low Product Manifest Bundle-Name Jackrabbit API Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.oak-jackrabbit-api Medium Product Manifest Implementation-Title Jackrabbit API High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackrabbit API Medium Product pom artifactid oak-jackrabbit-api Highest Product pom groupid org.apache.jackrabbit Highest Product pom name Jackrabbit API High Product pom parent-artifactid oak-parent Medium Version file version 1.44.0 High Version Manifest Bundle-Version 1.44.0 High Version Manifest Implementation-Version 1.44.0 High Version pom version 1.44.0 Highest
CVE-2015-1833 suppressed
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions: (show all )
org.apache.sling.jcr.api-2.0.4.jar Description:
This OSGi bundle provides the JCR packages as
well as a helper service interface to be implemented and
provided by repository providers.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/konradwindszus/.m2/repository/org/apache/sling/org.apache.sling.jcr.api/2.0.4/org.apache.sling.jcr.api-2.0.4.jar
MD5: 8c4564154601f35e80c2032ec1403630
SHA1: 7e35a044abe3a76725b036b32640bfe1e0ceb476
SHA256: 995cd9ce4dd2e8d27f42666e1e31f47a4f8ef52452edd052cae74d8e41d85f69
Evidence Type Source Name Value Confidence Vendor file name org.apache.sling.jcr.api High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name jcr Highest Vendor jar package name sling Highest Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor Manifest bundle-symbolicname org.apache.sling.jcr.api Medium Vendor pom artifactid apache.sling.jcr.api Low Vendor pom artifactid org.apache.sling.jcr.api Highest Vendor pom groupid org.apache.sling Highest Vendor pom name Apache Sling Repository API Bundle High Vendor pom parent-artifactid sling Low Product file name org.apache.sling.jcr.api High Product jar package name apache Highest Product jar package name api Highest Product jar package name jcr Highest Product jar package name sling Highest Product Manifest bundle-docurl http://sling.apache.org Low Product Manifest Bundle-Name Apache Sling Repository API Bundle Medium Product Manifest bundle-symbolicname org.apache.sling.jcr.api Medium Product pom artifactid apache.sling.jcr.api Highest Product pom artifactid org.apache.sling.jcr.api Highest Product pom groupid org.apache.sling Highest Product pom name Apache Sling Repository API Bundle High Product pom parent-artifactid sling Medium Version file version 2.0.4 High Version Manifest Bundle-Version 2.0.4 High Version pom parent-version 2.0.4 Low Version pom version 2.0.4 Highest
CVE-2022-32549 suppressed
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. CWE-116 Improper Encoding or Escaping of Output
Notes: false positive: org.apache.sling.jcr.api-2.0.4.jar only Sling API and Sling Commons Logging affected
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-2944 suppressed
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Notes: file name: org.apache.sling.jcr.api-2.0.4.jar does not suffer from CVE-2015-2944
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )