dependency-check-report.html
<!DOCTYPE html>
<html>
<head>
<!-- Head of the scanner report page: sets the title and a UTF-8 content type; the favicon is embedded as a data: URI. -->
<!-- NOTE(review): the script block that follows inlines a minified jQuery whose banner states v3.4.1.
     Because the script is inline, this page cannot run under a Content-Security-Policy that forbids
     inline script. If the report is ever served from an origin shared with other content, check that
     bundled jQuery version against the jQuery project's published security advisories. -->
<!-- NOTE(review): judging by the title, this is generated dependency-scanner output; presumably it lists
     the project's dependencies and the advisories matched against them. Confirm that committing it to
     a public repository is intended, since it documents which components are unpatched. -->
<title>Dependency-Check Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="shortcut icon" href="data:;base64,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" />
<script type="text/javascript">
/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;function d(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}k.fn=k.prototype={jquery:f,constructor:k,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=k.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return k.each(this,e)},map:function(n){return this.pushStack(k.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},k.extend=k.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof 
a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(k.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||k.isPlainObject(n)?n:{},i=!1,a[t]=k.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},k.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t){b(e,{nonce:t&&t.nonce})},each:function(e,t){var n,r=0;if(d(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(p,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(d(Object(e))?k.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(d(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g.apply([],a)},guid:1,support:y}),"function"==typeof Symbol&&(k.fn[Symbol.iterator]=t[Symbol.iterator]),k.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var h=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,k="sizzle"+1*new Date,m=n.document,S=0,r=0,p=ue(),x=ue(),N=ue(),A=ue(),D=function(e,t){return e===t&&(l=!0),0},j={}.hasOwnProperty,t=[],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var 
n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",I="(?:\\\\.|[\\w-]|[^\0-\\xa0])+",W="\\["+M+"*("+I+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+I+"))|)"+M+"*\\]",$=":("+I+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+W+")*)|.*)\\)|)",F=new RegExp(M+"+","g"),B=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),_=new RegExp("^"+M+"*,"+M+"*"),z=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp($),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+$),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),ne=function(e,t,n){var r="0x"+t-65536;return r!=r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(m.childNodes),m.childNodes),t[m.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var 
n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&((e?e.ownerDocument||e:m)!==C&&T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!A[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&U.test(t)){(s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=k),o=(l=h(t)).length;while(o--)l[o]="#"+s+" "+xe(l[o]);c=l.join(","),f=ee.test(t)&&ye(e.parentNode)||e}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){A(t,!0)}finally{s===k&&e.removeAttribute("id")}}}return g(t.replace(B,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[k]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in 
e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:m;return r!==C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),m!==C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=k,!C.getElementsByName||!C.getElementsByName(k).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return 
o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){a.appendChild(e).innerHTML="<a id='"+k+"'></a><select id='"+k+"-\r\\' msallowcapture=''><option selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+k+"-]").length||v.push("~="),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+k+"+*").length||v.push(".#.+[+~]")}),ce(function(e){e.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",$)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return 
n||(1&(n=(e.ownerDocument||e)===(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e===C||e.ownerDocument===m&&y(m,e)?-1:t===C||t.ownerDocument===m&&y(m,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e===C?-1:t===C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]===m?-1:s[r]===m?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if((e.ownerDocument||e)!==C&&T(e),d.matchesSelector&&E&&!A[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){A(t,!0)}return 0<se(t,C,null,[e]).length},se.contains=function(e,t){return(e.ownerDocument||e)!==C&&T(e),y(e,t)},se.attr=function(e,t){(e.ownerDocument||e)!==C&&T(e);var n=b.attrHandle[t.toLowerCase()],r=n&&j.call(b.attrHandle,t.toLowerCase())?n(e,t,!E):void 0;return void 0!==r?r:d.attributes||!E?e.getAttribute(t):(r=e.getAttributeNode(t))&&r.specified?r.value:null},se.escape=function(e){return(e+"").replace(re,ie)},se.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},se.uniqueSort=function(e){var t,n=[],r=0,i=0;if(l=!d.detectDuplicates,u=!d.sortStable&&e.slice(0),e.sort(D),l){while(t=e[i++])t===e[i]&&(r=n.push(i));while(r--)e.splice(n[r],1)}return u=null,e},o=se.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else while(t=e[r++])n+=o(t);return n},(b=se.selectors={cacheLength:50,createPseudo:le,match:G,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," 
":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=p[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&p(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1<t.indexOf(i):"$="===r?i&&t.slice(-i.length)===i:"~="===r?-1<(" "+t.replace(F," ")+" ").indexOf(i):"|="===r&&(t===i||t.slice(0,i.length+1)===i+"-"))}},CHILD:function(h,e,t,g,v){var y="nth"!==h.slice(0,3),m="last"!==h.slice(-4),x="of-type"===e;return 1===g&&0===v?function(e){return!!e.parentNode}:function(e,t,n){var 
r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[k]||(a[k]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===S&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if(1===a.nodeType&&++d&&a===e){i[h]=[S,s,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[k]||(a[k]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===S&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[k]||(a[k]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]=[S,d]),a===e))break;return(d-=v)===g||d%g==0&&0<=d/g}}},PSEUDO:function(e,o){var t,a=b.pseudos[e]||b.setFilters[e.toLowerCase()]||se.error("unsupported pseudo: "+e);return a[k]?a(o):1<a.length?(t=[e,e,"",o],b.setFilters.hasOwnProperty(e.toLowerCase())?le(function(e,t){var n,r=a(e,o),i=r.length;while(i--)e[n=P(e,r[i])]=!(t[n]=r[i])}):function(e){return a(e,0,t)}):a}},pseudos:{not:le(function(e){var r=[],i=[],s=f(e.replace(B,"$1"));return s[k]?le(function(e,t,n,r){var i,o=s(e,null,r,[]),a=e.length;while(a--)(i=o[a])&&(e[a]=!(t[a]=i))}):function(e,t,n){return r[0]=e,s(r,null,n,i),r[0]=null,!i.pop()}}),has:le(function(t){return function(e){return 0<se(t,e).length}}),contains:le(function(t){return t=t.replace(te,ne),function(e){return-1<(e.textContent||o(e)).indexOf(t)}}),lang:le(function(n){return V.test(n||"")||se.error("unsupported lang: "+n),n=n.replace(te,ne).toLowerCase(),function(e){var t;do{if(t=E?e.lang:e.getAttribute("xml:lang")||e.getAttribute("lang"))return(t=t.toLowerCase())===n||0===t.indexOf(n+"-")}while((e=e.parentNode)&&1===e.nodeType);return!1}}),target:function(e){var t=n.location&&n.location.hash;return t&&t.slice(1)===e.id},root:function(e){return e===a},focus:function(e){return 
e===C.activeElement&&(!C.hasFocus||C.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:ge(!1),disabled:ge(!0),checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,!0===e.selected},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeType<6)return!1;return!0},parent:function(e){return!b.pseudos.empty(e)},header:function(e){return J.test(e.nodeName)},input:function(e){return Q.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},first:ve(function(){return[0]}),last:ve(function(e,t){return[t-1]}),eq:ve(function(e,t,n){return[n<0?n+t:n]}),even:ve(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:ve(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:ve(function(e,t,n){for(var r=n<0?n+t:t<n?t:n;0<=--r;)e.push(r);return e}),gt:ve(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}}).pseudos.nth=b.pseudos.eq,{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})b.pseudos[e]=de(e);for(e in{submit:!0,reset:!0})b.pseudos[e]=he(e);function me(){}function xe(e){for(var t=0,n=e.length,r="";t<n;t++)r+=e[t].value;return r}function be(s,e,t){var u=e.dir,l=e.next,c=l||u,f=t&&"parentNode"===c,p=r++;return e.first?function(e,t,n){while(e=e[u])if(1===e.nodeType||f)return s(e,t,n);return!1}:function(e,t,n){var r,i,o,a=[S,p];if(n){while(e=e[u])if((1===e.nodeType||f)&&s(e,t,n))return!0}else while(e=e[u])if(1===e.nodeType||f)if(i=(o=e[k]||(e[k]={}))[e.uniqueID]||(o[e.uniqueID]={}),l&&l===e.nodeName.toLowerCase())e=e[u]||e;else{if((r=i[c])&&r[0]===S&&r[1]===p)return a[2]=r[2];if((i[c]=a)[2]=s(e,t,n))return!0}return!1}}function we(i){return 1<i.length?function(e,t,n){var 
r=i.length;while(r--)if(!i[r](e,t,n))return!1;return!0}:i[0]}function Te(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;s<u;s++)(o=e[s])&&(n&&!n(o,r,i)||(a.push(o),l&&t.push(s)));return a}function Ce(d,h,g,v,y,e){return v&&!v[k]&&(v=Ce(v)),y&&!y[k]&&(y=Ce(y,e)),le(function(e,t,n,r){var i,o,a,s=[],u=[],l=t.length,c=e||function(e,t,n){for(var r=0,i=t.length;r<i;r++)se(e,t[r],n);return n}(h||"*",n.nodeType?[n]:n,[]),f=!d||!e&&h?c:Te(c,s,d,n,r),p=g?y||(e?d:l||v)?[]:t:f;if(g&&g(f,p,n,r),v){i=Te(p,u),v(i,[],n,r),o=i.length;while(o--)(a=i[o])&&(p[u[o]]=!(f[u[o]]=a))}if(e){if(y||d){if(y){i=[],o=p.length;while(o--)(a=p[o])&&i.push(f[o]=a);y(null,p=[],i,r)}o=p.length;while(o--)(a=p[o])&&-1<(i=y?P(e,a):s[o])&&(e[i]=!(t[i]=a))}}else p=Te(p===t?p.splice(l,p.length):p),y?y(null,t,p,r):H.apply(t,p)})}function Ee(e){for(var i,t,n,r=e.length,o=b.relative[e[0].type],a=o||b.relative[" "],s=o?1:0,u=be(function(e){return e===i},a,!0),l=be(function(e){return-1<P(i,e)},a,!0),c=[function(e,t,n){var r=!o&&(n||t!==w)||((i=t).nodeType?u(e,t,n):l(e,t,n));return i=null,r}];s<r;s++)if(t=b.relative[e[s].type])c=[be(we(c),t)];else{if((t=b.filter[e[s].type].apply(null,e[s].matches))[k]){for(n=++s;n<r;n++)if(b.relative[e[n].type])break;return Ce(1<s&&we(c),1<s&&xe(e.slice(0,s-1).concat({value:" "===e[s-2].type?"*":""})).replace(B,"$1"),t,s<n&&Ee(e.slice(s,n)),n<r&&Ee(e=e.slice(n)),n<r&&xe(e))}c.push(t)}return we(c)}return me.prototype=b.filters=b.pseudos,b.setFilters=new me,h=se.tokenize=function(e,t){var n,r,i,o,a,s,u,l=x[e+" "];if(l)return t?0:l.slice(0);a=e,s=[],u=b.preFilter;while(a){for(o in n&&!(r=_.exec(a))||(r&&(a=a.slice(r[0].length)||a),s.push(i=[])),n=!1,(r=z.exec(a))&&(n=r.shift(),i.push({value:n,type:r[0].replace(B," ")}),a=a.slice(n.length)),b.filter)!(r=G[o].exec(a))||u[o]&&!(r=u[o](r))||(n=r.shift(),i.push({value:n,type:o,matches:r}),a=a.slice(n.length));if(!n)break}return t?a.length:a?se.error(e):x(e,s).slice(0)},f=se.compile=function(e,t){var n,v,y,m,x,r,i=[],o=[],a=N[e+" 
"];if(!a){t||(t=h(e)),n=t.length;while(n--)(a=Ee(t[n]))[k]?i.push(a):o.push(a);(a=N(e,(v=o,m=0<(y=i).length,x=0<v.length,r=function(e,t,n,r,i){var o,a,s,u=0,l="0",c=e&&[],f=[],p=w,d=e||x&&b.find.TAG("*",i),h=S+=null==p?1:Math.random()||.1,g=d.length;for(i&&(w=t===C||t||i);l!==g&&null!=(o=d[l]);l++){if(x&&o){a=0,t||o.ownerDocument===C||(T(o),n=!E);while(s=v[a++])if(s(o,t||C,n)){r.push(o);break}i&&(S=h)}m&&((o=!s&&o)&&u--,e&&c.push(o))}if(u+=l,m&&l!==u){a=0;while(s=y[a++])s(c,f,t,n);if(e){if(0<u)while(l--)c[l]||f[l]||(f[l]=q.call(r));f=Te(f)}H.apply(r,f),i&&!e&&0<f.length&&1<u+y.length&&se.uniqueSort(r)}return i&&(S=h,w=p),c},m?le(r):r))).selector=e}return a},g=se.select=function(e,t,n,r){var i,o,a,s,u,l="function"==typeof e&&e,c=!r&&h(e=l.selector||e);if(n=n||[],1===c.length){if(2<(o=c[0]=c[0].slice(0)).length&&"ID"===(a=o[0]).type&&9===t.nodeType&&E&&b.relative[o[1].type]){if(!(t=(b.find.ID(a.matches[0].replace(te,ne),t)||[])[0]))return n;l&&(t=t.parentNode),e=e.slice(o.shift().value.length)}i=G.needsContext.test(e)?0:o.length;while(i--){if(a=o[i],b.relative[s=a.type])break;if((u=b.find[s])&&(r=u(a.matches[0].replace(te,ne),ee.test(o[0].type)&&ye(t.parentNode)||t))){if(o.splice(i,1),!(e=r.length&&xe(o)))return H.apply(n,r),n;break}}}return(l||f(e,c))(r,t,!E,n,!t||ee.test(e)&&ye(t.parentNode)||t),n},d.sortStable=k.split("").sort(D).join("")===k,d.detectDuplicates=!!l,T(),d.sortDetached=ce(function(e){return 1&e.compareDocumentPosition(C.createElement("fieldset"))}),ce(function(e){return e.innerHTML="<a href='#'></a>","#"===e.firstChild.getAttribute("href")})||fe("type|href|height|width",function(e,t,n){if(!n)return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}),d.attributes&&ce(function(e){return e.innerHTML="<input/>",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||fe("value",function(e,t,n){if(!n&&"input"===e.nodeName.toLowerCase())return e.defaultValue}),ce(function(e){return 
null==e.getAttribute("disabled")})||fe(R,function(e,t,n){var r;if(!n)return!0===e[t]?t.toLowerCase():(r=e.getAttributeNode(t))&&r.specified?r.value:null}),se}(C);k.find=h,k.expr=h.selectors,k.expr[":"]=k.expr.pseudos,k.uniqueSort=k.unique=h.uniqueSort,k.text=h.getText,k.isXMLDoc=h.isXML,k.contains=h.contains,k.escapeSelector=h.escape;var T=function(e,t,n){var r=[],i=void 0!==n;while((e=e[t])&&9!==e.nodeType)if(1===e.nodeType){if(i&&k(e).is(n))break;r.push(e)}return r},S=function(e,t){for(var n=[];e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n},N=k.expr.match.needsContext;function A(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}var D=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?k.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?k.grep(e,function(e){return e===n!==r}):"string"!=typeof n?k.grep(e,function(e){return-1<i.call(n,e)!==r}):k.filter(n,e,r)}k.filter=function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?k.find.matchesSelector(r,e)?[r]:[]:k.find.matches(e,k.grep(t,function(e){return 1===e.nodeType}))},k.fn.extend({find:function(e){var t,n,r=this.length,i=this;if("string"!=typeof e)return this.pushStack(k(e).filter(function(){for(t=0;t<r;t++)if(k.contains(i[t],this))return!0}));for(n=this.pushStack([]),t=0;t<r;t++)k.find(e,i[t],n);return 1<r?k.uniqueSort(n):n},filter:function(e){return this.pushStack(j(this,e||[],!1))},not:function(e){return this.pushStack(j(this,e||[],!0))},is:function(e){return!!j(this,"string"==typeof e&&N.test(e)?k(e):e||[],!1).length}});var q,L=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;(k.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||q,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:L.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof 
k?t[0]:t,k.merge(this,k.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),D.test(r[1])&&k.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(k):k.makeArray(e,this)}).prototype=k.fn,q=k(E);var H=/^(?:parents|prev(?:Until|All))/,O={children:!0,contents:!0,next:!0,prev:!0};function P(e,t){while((e=e[t])&&1!==e.nodeType);return e}k.fn.extend({has:function(e){var t=k(e,this),n=t.length;return this.filter(function(){for(var e=0;e<n;e++)if(k.contains(this,t[e]))return!0})},closest:function(e,t){var n,r=0,i=this.length,o=[],a="string"!=typeof e&&k(e);if(!N.test(e))for(;r<i;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(n.nodeType<11&&(a?-1<a.index(n):1===n.nodeType&&k.find.matchesSelector(n,e))){o.push(n);break}return this.pushStack(1<o.length?k.uniqueSort(o):o)},index:function(e){return e?"string"==typeof e?i.call(k(e),this[0]):i.call(this,e.jquery?e[0]:e):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){return this.pushStack(k.uniqueSort(k.merge(this.get(),k(e,t))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),k.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return T(e,"parentNode")},parentsUntil:function(e,t,n){return T(e,"parentNode",n)},next:function(e){return P(e,"nextSibling")},prev:function(e){return P(e,"previousSibling")},nextAll:function(e){return T(e,"nextSibling")},prevAll:function(e){return T(e,"previousSibling")},nextUntil:function(e,t,n){return T(e,"nextSibling",n)},prevUntil:function(e,t,n){return T(e,"previousSibling",n)},siblings:function(e){return S((e.parentNode||{}).firstChild,e)},children:function(e){return S(e.firstChild)},contents:function(e){return"undefined"!=typeof 
e.contentDocument?e.contentDocument:(A(e,"template")&&(e=e.content||e),k.merge([],e.childNodes))}},function(r,i){k.fn[r]=function(e,t){var n=k.map(this,i,e);return"Until"!==r.slice(-5)&&(t=e),t&&"string"==typeof t&&(n=k.filter(t,n)),1<this.length&&(O[r]||k.uniqueSort(n),H.test(r)&&n.reverse()),this.pushStack(n)}});var R=/[^\x20\t\r\n\f]+/g;function M(e){return e}function I(e){throw e}function W(e,t,n,r){var i;try{e&&m(i=e.promise)?i.call(e).done(t).fail(n):e&&m(i=e.then)?i.call(e,t,n):t.apply(void 0,[e].slice(r))}catch(e){n.apply(void 0,[e])}}k.Callbacks=function(r){var e,n;r="string"==typeof r?(e=r,n={},k.each(e.match(R)||[],function(e,t){n[t]=!0}),n):k.extend({},r);var i,t,o,a,s=[],u=[],l=-1,c=function(){for(a=a||r.once,o=i=!0;u.length;l=-1){t=u.shift();while(++l<s.length)!1===s[l].apply(t[0],t[1])&&r.stopOnFalse&&(l=s.length,t=!1)}r.memory||(t=!1),i=!1,a&&(s=t?[]:"")},f={add:function(){return s&&(t&&!i&&(l=s.length-1,u.push(t)),function n(e){k.each(e,function(e,t){m(t)?r.unique&&f.has(t)||s.push(t):t&&t.length&&"string"!==w(t)&&n(t)})}(arguments),t&&!i&&c()),this},remove:function(){return k.each(arguments,function(e,t){var n;while(-1<(n=k.inArray(t,s,n)))s.splice(n,1),n<=l&&l--}),this},has:function(e){return e?-1<k.inArray(e,s):0<s.length},empty:function(){return s&&(s=[]),this},disable:function(){return a=u=[],s=t="",this},disabled:function(){return!s},lock:function(){return a=u=[],t||i||(s=t=""),this},locked:function(){return!!a},fireWith:function(e,t){return a||(t=[e,(t=t||[]).slice?t.slice():t],u.push(t),i||c()),this},fire:function(){return f.fireWith(this,arguments),this},fired:function(){return!!o}};return f},k.extend({Deferred:function(e){var o=[["notify","progress",k.Callbacks("memory"),k.Callbacks("memory"),2],["resolve","done",k.Callbacks("once memory"),k.Callbacks("once memory"),0,"resolved"],["reject","fail",k.Callbacks("once memory"),k.Callbacks("once memory"),1,"rejected"]],i="pending",a={state:function(){return i},always:function(){return 
s.done(arguments).fail(arguments),this},"catch":function(e){return a.then(null,e)},pipe:function(){var i=arguments;return k.Deferred(function(r){k.each(o,function(e,t){var n=m(i[t[4]])&&i[t[4]];s[t[1]](function(){var e=n&&n.apply(this,arguments);e&&m(e.promise)?e.promise().progress(r.notify).done(r.resolve).fail(r.reject):r[t[0]+"With"](this,n?[e]:arguments)})}),i=null}).promise()},then:function(t,n,r){var u=0;function l(i,o,a,s){return function(){var n=this,r=arguments,e=function(){var e,t;if(!(i<u)){if((e=a.apply(n,r))===o.promise())throw new TypeError("Thenable self-resolution");t=e&&("object"==typeof e||"function"==typeof e)&&e.then,m(t)?s?t.call(e,l(u,o,M,s),l(u,o,I,s)):(u++,t.call(e,l(u,o,M,s),l(u,o,I,s),l(u,o,M,o.notifyWith))):(a!==M&&(n=void 0,r=[e]),(s||o.resolveWith)(n,r))}},t=s?e:function(){try{e()}catch(e){k.Deferred.exceptionHook&&k.Deferred.exceptionHook(e,t.stackTrace),u<=i+1&&(a!==I&&(n=void 0,r=[e]),o.rejectWith(n,r))}};i?t():(k.Deferred.getStackHook&&(t.stackTrace=k.Deferred.getStackHook()),C.setTimeout(t))}}return k.Deferred(function(e){o[0][3].add(l(0,e,m(r)?r:M,e.notifyWith)),o[1][3].add(l(0,e,m(t)?t:M)),o[2][3].add(l(0,e,m(n)?n:I))}).promise()},promise:function(e){return null!=e?k.extend(e,a):a}},s={};return k.each(o,function(e,t){var n=t[2],r=t[5];a[t[1]]=n.add,r&&n.add(function(){i=r},o[3-e][2].disable,o[3-e][3].disable,o[0][2].lock,o[0][3].lock),n.add(t[3].fire),s[t[0]]=function(){return s[t[0]+"With"](this===s?void 0:this,arguments),this},s[t[0]+"With"]=n.fireWith}),a.promise(s),e&&e.call(s,s),s},when:function(e){var n=arguments.length,t=n,r=Array(t),i=s.call(arguments),o=k.Deferred(),a=function(t){return function(e){r[t]=this,i[t]=1<arguments.length?s.call(arguments):e,--n||o.resolveWith(r,i)}};if(n<=1&&(W(e,o.done(a(t)).resolve,o.reject,!n),"pending"===o.state()||m(i[t]&&i[t].then)))return o.then();while(t--)W(i[t],a(t),o.reject);return o.promise()}});var 
$=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;k.Deferred.exceptionHook=function(e,t){C.console&&C.console.warn&&e&&$.test(e.name)&&C.console.warn("jQuery.Deferred exception: "+e.message,e.stack,t)},k.readyException=function(e){C.setTimeout(function(){throw e})};var F=k.Deferred();function B(){E.removeEventListener("DOMContentLoaded",B),C.removeEventListener("load",B),k.ready()}k.fn.ready=function(e){return F.then(e)["catch"](function(e){k.readyException(e)}),this},k.extend({isReady:!1,readyWait:1,ready:function(e){(!0===e?--k.readyWait:k.isReady)||(k.isReady=!0)!==e&&0<--k.readyWait||F.resolveWith(E,[k])}}),k.ready.then=F.then,"complete"===E.readyState||"loading"!==E.readyState&&!E.documentElement.doScroll?C.setTimeout(k.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var _=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)_(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(k(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},z=/^-ms-/,U=/-([a-z])/g;function X(e,t){return t.toUpperCase()}function V(e){return e.replace(z,"ms-").replace(U,X)}var G=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function Y(){this.expando=k.expando+Y.uid++}Y.uid=1,Y.prototype={cache:function(e){var t=e[this.expando];return t||(t={},G(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(e,t,n){var r,i=this.cache(e);if("string"==typeof t)i[V(t)]=n;else for(r in t)i[V(r)]=t[r];return i},get:function(e,t){return void 0===t?this.cache(e):e[this.expando]&&e[this.expando][V(t)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(e,t){var n,r=e[this.expando];if(void 0!==r){if(void 
0!==t){n=(t=Array.isArray(t)?t.map(V):(t=V(t))in r?[t]:t.match(R)||[]).length;while(n--)delete r[t[n]]}(void 0===t||k.isEmptyObject(r))&&(e.nodeType?e[this.expando]=void 0:delete e[this.expando])}},hasData:function(e){var t=e[this.expando];return void 0!==t&&!k.isEmptyObject(t)}};var Q=new Y,J=new Y,K=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,Z=/[A-Z]/g;function ee(e,t,n){var r,i;if(void 0===n&&1===e.nodeType)if(r="data-"+t.replace(Z,"-$&").toLowerCase(),"string"==typeof(n=e.getAttribute(r))){try{n="true"===(i=n)||"false"!==i&&("null"===i?null:i===+i+""?+i:K.test(i)?JSON.parse(i):i)}catch(e){}J.set(e,t,n)}else n=void 0;return n}k.extend({hasData:function(e){return J.hasData(e)||Q.hasData(e)},data:function(e,t,n){return J.access(e,t,n)},removeData:function(e,t){J.remove(e,t)},_data:function(e,t,n){return Q.access(e,t,n)},_removeData:function(e,t){Q.remove(e,t)}}),k.fn.extend({data:function(n,e){var t,r,i,o=this[0],a=o&&o.attributes;if(void 0===n){if(this.length&&(i=J.get(o),1===o.nodeType&&!Q.get(o,"hasDataAttrs"))){t=a.length;while(t--)a[t]&&0===(r=a[t].name).indexOf("data-")&&(r=V(r.slice(5)),ee(o,r,i[r]));Q.set(o,"hasDataAttrs",!0)}return i}return"object"==typeof n?this.each(function(){J.set(this,n)}):_(this,function(e){var t;if(o&&void 0===e)return void 0!==(t=J.get(o,n))?t:void 0!==(t=ee(o,n))?t:void 0;this.each(function(){J.set(this,n,e)})},null,e,1<arguments.length,null,!0)},removeData:function(e){return this.each(function(){J.remove(this,e)})}}),k.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=Q.get(e,t),n&&(!r||Array.isArray(n)?r=Q.access(e,t,k.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=k.queue(e,t),r=n.length,i=n.shift(),o=k._queueHooks(e,t);"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,function(){k.dequeue(e,t)},o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return Q.get(e,n)||Q.access(e,n,{empty:k.Callbacks("once 
memory").add(function(){Q.remove(e,[t+"queue",n])})})}}),k.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?k.queue(this[0],t):void 0===n?this:this.each(function(){var e=k.queue(this,t,n);k._queueHooks(this,t),"fx"===t&&"inprogress"!==e[0]&&k.dequeue(this,t)})},dequeue:function(e){return this.each(function(){k.dequeue(this,e)})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,t){var n,r=1,i=k.Deferred(),o=this,a=this.length,s=function(){--r||i.resolveWith(o,[o])};"string"!=typeof e&&(t=e,e=void 0),e=e||"fx";while(a--)(n=Q.get(o[a],e+"queueHooks"))&&n.empty&&(r++,n.empty.add(s));return s(),i.promise(t)}});var te=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,ne=new RegExp("^(?:([+-])=|)("+te+")([a-z%]*)$","i"),re=["Top","Right","Bottom","Left"],ie=E.documentElement,oe=function(e){return k.contains(e.ownerDocument,e)},ae={composed:!0};ie.getRootNode&&(oe=function(e){return k.contains(e.ownerDocument,e)||e.getRootNode(ae)===e.ownerDocument});var se=function(e,t){return"none"===(e=t||e).style.display||""===e.style.display&&oe(e)&&"none"===k.css(e,"display")},ue=function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];for(o in i=n.apply(e,r||[]),t)e.style[o]=a[o];return i};function le(e,t,n,r){var i,o,a=20,s=r?function(){return r.cur()}:function(){return k.css(e,t,"")},u=s(),l=n&&n[3]||(k.cssNumber[t]?"":"px"),c=e.nodeType&&(k.cssNumber[t]||"px"!==l&&+u)&&ne.exec(k.css(e,t));if(c&&c[3]!==l){u/=2,l=l||c[3],c=+u||1;while(a--)k.style(e,t,c+l),(1-o)*(1-(o=s()/u||.5))<=0&&(a=0),c/=o;c*=2,k.style(e,t,c+l),n=n||[]}return n&&(c=+c||+u||0,i=n[1]?c+(n[1]+1)*n[2]:+n[2],r&&(r.unit=l,r.start=c,r.end=i)),i}var ce={};function fe(e,t){for(var n,r,i,o,a,s,u,l=[],c=0,f=e.length;c<f;c++)(r=e[c]).style&&(n=r.style.display,t?("none"===n&&(l[c]=Q.get(r,"display")||null,l[c]||(r.style.display="")),""===r.style.display&&se(r)&&(l[c]=(u=a=o=void 
0,a=(i=r).ownerDocument,s=i.nodeName,(u=ce[s])||(o=a.body.appendChild(a.createElement(s)),u=k.css(o,"display"),o.parentNode.removeChild(o),"none"===u&&(u="block"),ce[s]=u)))):"none"!==n&&(l[c]="none",Q.set(r,"display",n)));for(c=0;c<f;c++)null!=l[c]&&(e[c].style.display=l[c]);return e}
/* show()/hide() call fe() with and without the "show" flag. toggle(bool) picks one of the two; without a boolean each element is flipped according to se(), the hidden test defined earlier in this file. */
k.fn.extend({show:function(){return fe(this,!0)},hide:function(){return fe(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){se(this)?k(this).show():k(this).hide()})}});
/* pe: input types checkbox/radio.
   de: captures the tag name of the first tag in a string.
   he: script "type" values treated as executable (empty, "module", or a value containing /javascript or /ecmascript).
   ge: for tags that only parse inside a specific parent, [nesting depth, opening wrapper, closing wrapper] used when a string is parsed through innerHTML. */
var pe=/^(?:checkbox|radio)$/i,de=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i,ge={option:[1,"<select multiple='multiple'>","</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};
/* ve(e, t): descendants of e with tag name t (all descendants when t is omitted). e itself is prepended when t is undefined or A(e, t) holds. A() is defined outside this view - presumably a node-name comparison; confirm. */
function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?k.merge([e],n):n}
/* ye(e, t): sets the internal "globalEval" flag (store Q) on every element of e - true when t is omitted, otherwise the flag value of the element at the same index in t. Ie(), later in this file, does not evaluate script elements whose flag is set. */
function ye(e,t){for(var n=0,r=e.length;n<r;n++)Q.set(e[n],"globalEval",!t||Q.get(t[n],"globalEval"))}ge.optgroup=ge.option,ge.tbody=ge.tfoot=ge.colgroup=ge.caption=ge.thead,ge.th=ge.td;var me,xe,be=/<|&#?\w+;/;
/* we(e, t, n, r, i): builds a DocumentFragment in document t from the items of e.
   - objects and nodes are merged as they are;
   - a string matching be (contains "<" or a character reference) is passed through k.htmlPrefilter, wrapped per ge and assigned to innerHTML of a scratch div;
   - any other string becomes a text node.
   Nodes that are found in r are skipped (and pushed to i when i is given). When n is supplied, script elements with an executable type (he) are collected into it.
   NOTE(review): this is the point where string arguments of the manipulation methods become live DOM. Nothing in this function strips event-handler attributes, script elements or URLs, so a string that carries attacker-influenced markup has to be sanitised by the caller, or inserted as text instead. The function body continues past this line. */
function we(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d<h;d++)if((o=e[d])||0===o)if("object"===w(o))k.merge(p,o.nodeType?[o]:o);else if(be.test(o)){a=a||f.appendChild(t.createElement("div")),s=(de.exec(o)||["",""])[1].toLowerCase(),u=ge[s]||ge._default,a.innerHTML=u[1]+k.htmlPrefilter(o)+u[2],c=u[0];while(c--)a=a.lastChild;k.merge(p,a.childNodes),(a=f.firstChild).textContent=""}else p.push(t.createTextNode(o));f.textContent="",d=0;while(o=p[d++])if(r&&-1<k.inArray(o,r))i&&i.push(o);else if(l=oe(o),a=ve(f.appendChild(o),"script"),l&&ye(a),n){c=0;while(o=a[c++])he.test(o.type||"")&&n.push(o)}return 
f}me=E.createDocumentFragment().appendChild(E.createElement("div")),(xe=E.createElement("input")).setAttribute("type","radio"),xe.setAttribute("checked","checked"),xe.setAttribute("name","t"),me.appendChild(xe),y.checkClone=me.cloneNode(!0).cloneNode(!0).lastChild.checked,me.innerHTML="<textarea>x</textarea>",y.noCloneChecked=!!me.cloneNode(!0).lastChild.defaultValue;var Te=/^key/,Ce=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,Ee=/^([^.]*)(?:\.(.+)|)/;function ke(){return!0}function Se(){return!1}function Ne(e,t){return e===function(){try{return E.activeElement}catch(e){}}()==("focus"===t)}function Ae(e,t,n,r,i,o){var a,s;if("object"==typeof t){for(s in"string"!=typeof n&&(r=r||n,n=void 0),t)Ae(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=Se;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return k().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=k.guid++)),e.each(function(){k.event.add(this,t,i,r,n)})}function De(e,i,o){o?(Q.set(e,i,!1),k.event.add(e,i,{namespace:!1,handler:function(e){var t,n,r=Q.get(this,i);if(1&e.isTrigger&&this[i]){if(r.length)(k.event.special[i]||{}).delegateType&&e.stopPropagation();else if(r=s.call(arguments),Q.set(this,i,r),t=o(this,i),this[i](),r!==(n=Q.get(this,i))||t?Q.set(this,i,!1):n={},r!==n)return e.stopImmediatePropagation(),e.preventDefault(),n.value}else r.length&&(Q.set(this,i,{value:k.event.trigger(k.extend(r[0],k.Event.prototype),r.slice(1),this)}),e.stopImmediatePropagation())}})):void 0===Q.get(e,i)&&k.event.add(e,i,ke)}k.event={global:{},add:function(t,e,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.get(t);if(v){n.handler&&(n=(o=n).handler,i=o.selector),i&&k.find.matchesSelector(ie,i),n.guid||(n.guid=k.guid++),(u=v.events)||(u=v.events={}),(a=v.handle)||(a=v.handle=function(e){return"undefined"!=typeof k&&k.event.triggered!==e.type?k.event.dispatch.apply(t,arguments):void 
0}),l=(e=(e||"").match(R)||[""]).length;while(l--)d=g=(s=Ee.exec(e[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=k.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=k.event.special[d]||{},c=k.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&k.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(t,r,h,a)||t.addEventListener&&t.addEventListener(d,a)),f.add&&(f.add.call(t,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),k.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.hasData(e)&&Q.get(e);if(v&&(u=v.events)){l=(t=(t||"").match(R)||[""]).length;while(l--)if(d=g=(s=Ee.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d){f=k.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,v.handle)||k.removeEvent(e,d,v.handle),delete u[d])}else for(d in u)k.event.remove(e,d+t[l],n,r,!0);k.isEmptyObject(u)&&Q.remove(e,"handle events")}},dispatch:function(e){var t,n,r,i,o,a,s=k.event.fix(e),u=new Array(arguments.length),l=(Q.get(this,"events")||{})[s.type]||[],c=k.event.special[s.type]||{};for(u[0]=s,t=1;t<arguments.length;t++)u[t]=arguments[t];if(s.delegateTarget=this,!c.preDispatch||!1!==c.preDispatch.call(this,s)){a=k.event.handlers.call(this,s,l),t=0;while((i=a[t++])&&!s.isPropagationStopped()){s.currentTarget=i.elem,n=0;while((o=i.handlers[n++])&&!s.isImmediatePropagationStopped())s.rnamespace&&!1!==o.namespace&&!s.rnamespace.test(o.namespace)||(s.handleObj=o,s.data=o.data,void 
0!==(r=((k.event.special[o.origType]||{}).handle||o.handler).apply(i.elem,u))&&!1===(s.result=r)&&(s.preventDefault(),s.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,s),s.result}},handlers:function(e,t){var n,r,i,o,a,s=[],u=t.delegateCount,l=e.target;if(u&&l.nodeType&&!("click"===e.type&&1<=e.button))for(;l!==this;l=l.parentNode||this)if(1===l.nodeType&&("click"!==e.type||!0!==l.disabled)){for(o=[],a={},n=0;n<u;n++)void 0===a[i=(r=t[n]).selector+" "]&&(a[i]=r.needsContext?-1<k(i,this).index(l):k.find(i,this,null,[l]).length),a[i]&&o.push(r);o.length&&s.push({elem:l,handlers:o})}return l=this,u<t.length&&s.push({elem:l,handlers:t.slice(u)}),s},addProp:function(t,e){Object.defineProperty(k.Event.prototype,t,{enumerable:!0,configurable:!0,get:m(e)?function(){if(this.originalEvent)return e(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[t]},set:function(e){Object.defineProperty(this,t,{enumerable:!0,configurable:!0,writable:!0,value:e})}})},fix:function(e){return e[k.expando]?e:new k.Event(e)},special:{load:{noBubble:!0},click:{setup:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&De(t,"click",ke),!1},trigger:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&De(t,"click"),!0},_default:function(e){var t=e.target;return pe.test(t.type)&&t.click&&A(t,"input")&&Q.get(t,"click")||A(t,"a")}},beforeunload:{postDispatch:function(e){void 0!==e.result&&e.originalEvent&&(e.originalEvent.returnValue=e.result)}}}},k.removeEvent=function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n)},k.Event=function(e,t){if(!(this instanceof k.Event))return new k.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||void 
0===e.defaultPrevented&&!1===e.returnValue?ke:Se,this.target=e.target&&3===e.target.nodeType?e.target.parentNode:e.target,this.currentTarget=e.currentTarget,this.relatedTarget=e.relatedTarget):this.type=e,t&&k.extend(this,t),this.timeStamp=e&&e.timeStamp||Date.now(),this[k.expando]=!0},k.Event.prototype={constructor:k.Event,isDefaultPrevented:Se,isPropagationStopped:Se,isImmediatePropagationStopped:Se,isSimulated:!1,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=ke,e&&!this.isSimulated&&e.preventDefault()},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=ke,e&&!this.isSimulated&&e.stopPropagation()},stopImmediatePropagation:function(){var e=this.originalEvent;this.isImmediatePropagationStopped=ke,e&&!this.isSimulated&&e.stopImmediatePropagation(),this.stopPropagation()}},k.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,code:!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:function(e){var t=e.button;return null==e.which&&Te.test(e.type)?null!=e.charCode?e.charCode:e.keyCode:!e.which&&void 0!==t&&Ce.test(e.type)?1&t?1:2&t?3:4&t?2:0:e.which}},k.event.addProp),k.each({focus:"focusin",blur:"focusout"},function(e,t){k.event.special[e]={setup:function(){return De(this,e,Ne),!1},trigger:function(){return De(this,e),!0},delegateType:t}}),k.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(e,i){k.event.special[e]={delegateType:i,bindType:i,handle:function(e){var t,n=e.relatedTarget,r=e.handleObj;return n&&(n===this||k.contains(this,n))||(e.type=r.origType,t=r.handler.apply(this,arguments),e.type=i),t}}}),k.fn.extend({on:function(e,t,n,r){return Ae(this,e,t,n,r)},one:function(e,t,n,r){return 
Ae(this,e,t,n,r,1)},off:function(e,t,n){var r,i;if(e&&e.preventDefault&&e.handleObj)return r=e.handleObj,k(e.delegateTarget).off(r.namespace?r.origType+"."+r.namespace:r.origType,r.selector,r.handler),this;if("object"==typeof e){for(i in e)this.off(i,t,e[i]);return this}return!1!==t&&"function"!=typeof t||(n=t,t=void 0),!1===n&&(n=Se),this.each(function(){k.event.remove(this,e,n,t)})}});
/* Regexes used by the DOM-manipulation helpers below.
   je: self-closing syntax on a tag that is not in the void-element list; k.htmlPrefilter (later in this file) rewrites each match into an open/close pair.
   qe: string contains a script, style or link tag; html() uses it to skip its direct innerHTML path.
   Le: "checked" attribute inside a markup string; used by Ie() together with y.checkClone.
   He: CDATA / comment wrappers at the start or end of inline script text; stripped before the text is evaluated in Ie(). */
var je=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,qe=/<script|<style|<link/i,Le=/checked\s*(?:[^=]|=\s*.checked.)/i,He=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;
/* Oe(e, t): insertion target for content t in element e. When A() reports e as a table and t (or the first child of fragment t) as a row, the table's first tbody is returned if one exists; otherwise e. A() is defined outside this view - presumably a node-name comparison. */
function Oe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&k(e).children("tbody")[0]||e}
/* Pe(e) rewrites a script element's type to "<has type attribute>/<type>"; Re(e) undoes it (strips the "true/" prefix, or removes the attribute when none was present). Ie() applies Pe before the fragment is inserted and Re afterwards - presumably so the browser does not run the scripts on insertion; confirm. */
function Pe(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function Re(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}
/* Me(e, t): copies jQuery state from element e to its clone t when t is an element: internal data (store Q), with every event handler re-registered through k.event.add, and a shallow copy of user data (store J). */
function Me(e,t){var n,r,i,o,a,s,u,l;if(1===t.nodeType){if(Q.hasData(e)&&(o=Q.access(e),a=Q.set(t,o),l=o.events))for(i in delete a.handle,a.events={},l)for(n=0,r=l[i].length;n<r;n++)k.event.add(t,i,l[i][n]);J.hasData(e)&&(s=J.access(e),u=k.extend({},s),J.set(t,u))}}
/* Ie(n, r, i, o): shared implementation behind the manipulation methods that insert content.
   n: the target collection; r: the caller's arguments; i: callback that performs the actual DOM insertion; o: optional list handed to we() as its "ignored" collector.
   Steps: (1) if the first argument passes m() (defined outside this view, presumably an is-function test), or several targets receive markup containing "checked" while y.checkClone is false, recurse once per target; (2) build one fragment with we(); (3) call i for each target, cloning the fragment for all but the last; (4) for every script element that came in with the content, has an executable type (he), is not flagged "globalEval" and is attached to the document: load it through k._evalUrl when it has src and is not a module, otherwise pass its text to b() (defined outside this view - presumably the global-eval helper; confirm).
   NOTE(review): step 4 means markup given to these methods can run script in the page's origin. Treat their string arguments as code, not data, whenever any part of the string is attacker-influenced. */
function Ie(n,r,i,o){r=g.apply([],r);var e,t,a,s,u,l,c=0,f=n.length,p=f-1,d=r[0],h=m(d);if(h||1<f&&"string"==typeof d&&!y.checkClone&&Le.test(d))return n.each(function(e){var t=n.eq(e);h&&(r[0]=d.call(this,e,t.html())),Ie(t,r,i,o)});if(f&&(t=(e=we(r,n[0].ownerDocument,!1,n,o)).firstChild,1===e.childNodes.length&&(e=t),t||o)){for(s=(a=k.map(ve(e,"script"),Pe)).length;c<f;c++)u=e,c!==p&&(u=k.clone(u,!0,!0),s&&k.merge(a,ve(u,"script"))),i.call(n[c],u,c);if(s)for(l=a[a.length-1].ownerDocument,k.map(a,Re),c=0;c<s;c++)u=a[c],he.test(u.type||"")&&!Q.access(u,"globalEval")&&k.contains(l,u)&&(u.src&&"module"!==(u.type||"").toLowerCase()?k._evalUrl&&!u.noModule&&k._evalUrl(u.src,{nonce:u.nonce||u.getAttribute("nonce")}):b(u.textContent.replace(He,""),u,l))}return n}
/* We(e, t, n): removes the elements of e (optionally filtered by selector t) from their parents. Unless n is truthy, jQuery data and events of each removed element and its descendants are cleaned first. The body continues past this line. */
function We(e,t,n){for(var 
r,i=t?k.filter(t,e):e,o=0;null!=(r=i[o]);o++)n||1!==r.nodeType||k.cleanData(ve(r)),r.parentNode&&(n&&oe(r)&&ye(ve(r,"script")),r.parentNode.removeChild(r));return e}
/* htmlPrefilter(e): rewrites every match of je (self-closing syntax on a non-void tag) into an explicit open/close pair before the string is handed to innerHTML.
   NOTE(review): this is a markup fix-up, not a sanitiser. It removes nothing, and because it changes the string after any upstream filtering has run, input that was sanitised earlier can parse differently once rewritten. Sanitise at the point of insertion, and consider replacing htmlPrefilter with an identity function if the application does not rely on the rewrite - newer upstream jQuery releases reportedly ship it that way; confirm against the bundled version before relying on this. */
k.extend({htmlPrefilter:function(e){return e.replace(je,"<$1></$2>")},
/* clone(e, t, n): deep-clones node e. When y.noCloneChecked is false and e is an element or fragment outside an XML document, checked/defaultValue state of form controls is copied onto the clone. With t, jQuery data and events are copied through Me() (for all descendants too when n is set). Finally the "globalEval" flags of script elements are carried over, so scripts that were already evaluated are not evaluated again when the clone is inserted. */
clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=oe(e);if(!(y.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||k.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o||ve(e),a=a||ve(c),r=0,i=o.length;r<i;r++)Me(o[r],a[r]);else Me(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},
/* cleanData(e): for every element of e that G() accepts, unbinds the events recorded in its internal data and clears both expando slots (internal store Q and user store J). */
cleanData:function(e){for(var t,n,r,i=k.event.special,o=0;void 0!==(n=e[o]);o++)if(G(n)){if(t=n[Q.expando]){if(t.events)for(r in t.events)i[r]?k.event.remove(n,r):k.removeEvent(n,r,t.handle);n[Q.expando]=void 0}n[J.expando]&&(n[J.expando]=void 0)}}}),
/* Collection methods for removing and inserting content.
   detach/remove: We() with and without the keep-data flag.
   text(value): assigns textContent, so the value is never parsed as markup.
   append/prepend/before/after: pass their arguments through Ie(), which parses markup strings into DOM and evaluates script elements they contain.
   empty: cleans jQuery data of all descendants, then clears textContent.
   NOTE(review): for strings that may contain untrusted input, text() is the safe choice among these; the Ie()-based methods need sanitised input. */
k.fn.extend({detach:function(e){return We(this,e,!0)},remove:function(e){return We(this,e)},text:function(e){return _(this,function(e){return void 0===e?k.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=e)})},null,e,arguments.length)},append:function(){return Ie(this,arguments,function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||Oe(this,e).appendChild(e)})},prepend:function(){return Ie(this,arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Oe(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return Ie(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return Ie(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},empty:function(){for(var e,t=0;null!=(e=this[t]);t++)1===e.nodeType&&(k.cleanData(ve(e,!1)),e.textContent="");return this},clone:function(e,t){return 
e=null!=e&&e,t=null==t?e:t,this.map(function(){return k.clone(this,e,t)})},
/* html(): with no argument, returns innerHTML of the first matched element.
   html(value): a string that contains no script, style or link tag (qe) and whose first tag needs no wrapper (ge) is passed through k.htmlPrefilter and assigned directly to innerHTML of every matched element, after their descendants' jQuery data has been cleaned. Any other value - or an exception on the direct path, which is swallowed on purpose - falls back to empty().append(value).
   NOTE(review): both paths parse the value as markup, and the append() fallback also evaluates script elements. Untrusted strings must be sanitised before they reach html(); use text() when plain text is all that is needed. */
html:function(e){return _(this,function(e){var t=this[0]||{},n=0,r=this.length;if(void 0===e&&1===t.nodeType)return t.innerHTML;if("string"==typeof e&&!qe.test(e)&&!ge[(de.exec(e)||["",""])[1].toLowerCase()]){e=k.htmlPrefilter(e);try{for(;n<r;n++)1===(t=this[n]||{}).nodeType&&(k.cleanData(ve(t,!1)),t.innerHTML=e);t=0}catch(e){}}t&&this.empty().append(e)},null,e,arguments.length)},
/* replaceWith(): replaces each matched node with the new content via Ie(); jQuery data of the replaced node and its descendants is cleaned first. Nodes that appear in the new content itself are collected in n and left alone. */
replaceWith:function(){var n=[];return Ie(this,arguments,function(e){var t=this.parentNode;k.inArray(this,n)<0&&(k.cleanData(ve(this)),t&&t.replaceChild(e,this))},n)}}),
/* Generates appendTo/prependTo/insertBefore/insertAfter/replaceAll: each wraps its target argument with k() and calls the method named in the map on it, passing a clone of the current set for every target but the last.
   NOTE(review): the target goes through k(e); how k() treats a string is defined outside this view - presumably selector-or-markup - so the target should not be built from untrusted input either. */
k.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){k.fn[e]=function(e){for(var t,n=[],r=k(e),i=r.length-1,o=0;o<=i;o++)t=o===i?this:this.clone(!0),k(r[o])[a](t),u.apply(n,t.get());return this.pushStack(n)}});
/* $e: a number followed by a unit other than px. Fe(e): computed style of e, read through the element's own window when that window has an opener, otherwise through C (defined outside this view - presumably the global window). Be: matches the box side names held in re. */
var $e=new RegExp("^("+te+")(?!px)[a-z%]+$","i"),Fe=function(e){var t=e.ownerDocument.defaultView;return t&&t.opener||(t=C),t.getComputedStyle(e)},Be=new RegExp(re.join("|"),"i");
/* _e(e, t, n): computed value of CSS property t for element e, as a string (n may supply an already fetched computed style). An empty value on a node that oe() reports as not attached falls back to the inline style. When y.pixelBoxStyles() is false and a box-side property has a non-pixel value, the value is converted to pixels by temporarily assigning it to width/minWidth/maxWidth and reading the computed width. */
function _e(e,t,n){var r,i,o,a,s=e.style;return(n=n||Fe(e))&&(""!==(a=n.getPropertyValue(t)||n[t])||oe(e)||(a=k.style(e,t)),!y.pixelBoxStyles()&&$e.test(a)&&Be.test(t)&&(r=s.width,i=s.minWidth,o=s.maxWidth,s.minWidth=s.maxWidth=s.width=a,a=n.width,s.width=r,s.minWidth=i,s.maxWidth=o)),void 0!==a?a+"":a}
/* ze(e, t): returns a hook object whose getter decides on first use: if e() is truthy the getter deletes itself, otherwise it replaces itself with t and calls it. */
function ze(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}
/* Layout feature tests, computed lazily by the inner function e(); the body continues past this line. */
!function(){function e(){if(u){s.style.cssText="position:absolute;left:-11111px;width:60px;margin-top:1px;padding:0;border:0",u.style.cssText="position:relative;display:block;box-sizing:border-box;overflow:scroll;margin:auto;border:1px;padding:1px;width:60%;top:1%",ie.appendChild(s).appendChild(u);var 
e=C.getComputedStyle(u);n="1%"!==e.top,a=12===t(e.marginLeft),u.style.right="60%",o=36===t(e.right),r=36===t(e.width),u.style.position="absolute",i=12===t(u.offsetWidth/3),ie.removeChild(s),u=null}}function t(e){return Math.round(parseFloat(e))}var n,r,i,o,a,s=E.createElement("div"),u=E.createElement("div");u.style&&(u.style.backgroundClip="content-box",u.cloneNode(!0).style.backgroundClip="",y.clearCloneStyle="content-box"===u.style.backgroundClip,k.extend(y,{boxSizingReliable:function(){return e(),r},pixelBoxStyles:function(){return e(),o},pixelPosition:function(){return e(),n},reliableMarginLeft:function(){return e(),a},scrollboxSize:function(){return e(),i}}))}();var Ue=["Webkit","Moz","ms"],Xe=E.createElement("div").style,Ve={};function Ge(e){var t=k.cssProps[e]||Ve[e];return t||(e in Xe?e:Ve[e]=function(e){var t=e[0].toUpperCase()+e.slice(1),n=Ue.length;while(n--)if((e=Ue[n]+t)in Xe)return e}(e)||e)}var Ye=/^(none|table(?!-c[ea]).+)/,Qe=/^--/,Je={position:"absolute",visibility:"hidden",display:"block"},Ke={letterSpacing:"0",fontWeight:"400"};function Ze(e,t,n){var r=ne.exec(t);return r?Math.max(0,r[2]-(n||0))+(r[3]||"px"):t}function et(e,t,n,r,i,o){var a="width"===t?1:0,s=0,u=0;if(n===(r?"border":"content"))return 0;for(;a<4;a+=2)"margin"===n&&(u+=k.css(e,n+re[a],!0,i)),r?("content"===n&&(u-=k.css(e,"padding"+re[a],!0,i)),"margin"!==n&&(u-=k.css(e,"border"+re[a]+"Width",!0,i))):(u+=k.css(e,"padding"+re[a],!0,i),"padding"!==n?u+=k.css(e,"border"+re[a]+"Width",!0,i):s+=k.css(e,"border"+re[a]+"Width",!0,i));return!r&&0<=o&&(u+=Math.max(0,Math.ceil(e["offset"+t[0].toUpperCase()+t.slice(1)]-o-u-s-.5))||0),u}function tt(e,t,n){var r=Fe(e),i=(!y.boxSizingReliable()||n)&&"border-box"===k.css(e,"boxSizing",!1,r),o=i,a=_e(e,t,r),s="offset"+t[0].toUpperCase()+t.slice(1);if($e.test(a)){if(!n)return 
a;a="auto"}return(!y.boxSizingReliable()&&i||"auto"===a||!parseFloat(a)&&"inline"===k.css(e,"display",!1,r))&&e.getClientRects().length&&(i="border-box"===k.css(e,"boxSizing",!1,r),(o=s in e)&&(a=e[s])),(a=parseFloat(a)||0)+et(e,t,n||(i?"border":"content"),o,r,a)+"px"}function nt(e,t,n,r,i){return new nt.prototype.init(e,t,n,r,i)}k.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=_e(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,gridArea:!0,gridColumn:!0,gridColumnEnd:!0,gridColumnStart:!0,gridRow:!0,gridRowEnd:!0,gridRowStart:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{},style:function(e,t,n,r){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var i,o,a,s=V(t),u=Qe.test(t),l=e.style;if(u||(t=Ge(s)),a=k.cssHooks[t]||k.cssHooks[s],void 0===n)return a&&"get"in a&&void 0!==(i=a.get(e,!1,r))?i:l[t];"string"===(o=typeof n)&&(i=ne.exec(n))&&i[1]&&(n=le(e,t,i),o="number"),null!=n&&n==n&&("number"!==o||u||(n+=i&&i[3]||(k.cssNumber[s]?"":"px")),y.clearCloneStyle||""!==n||0!==t.indexOf("background")||(l[t]="inherit"),a&&"set"in a&&void 0===(n=a.set(e,n,r))||(u?l.setProperty(t,n):l[t]=n))}},css:function(e,t,n,r){var i,o,a,s=V(t);return Qe.test(t)||(t=Ge(s)),(a=k.cssHooks[t]||k.cssHooks[s])&&"get"in a&&(i=a.get(e,!0,n)),void 0===i&&(i=_e(e,t,r)),"normal"===i&&t in Ke&&(i=Ke[t]),""===n||n?(o=parseFloat(i),!0===n||isFinite(o)?o||0:i):i}}),k.each(["height","width"],function(e,u){k.cssHooks[u]={get:function(e,t,n){if(t)return!Ye.test(k.css(e,"display"))||e.getClientRects().length&&e.getBoundingClientRect().width?tt(e,u,n):ue(e,Je,function(){return tt(e,u,n)})},set:function(e,t,n){var r,i=Fe(e),o=!y.scrollboxSize()&&"absolute"===i.position,a=(o||n)&&"border-box"===k.css(e,"boxSizing",!1,i),s=n?et(e,u,n,a,i):0;return 
a&&o&&(s-=Math.ceil(e["offset"+u[0].toUpperCase()+u.slice(1)]-parseFloat(i[u])-et(e,u,"border",!1,i)-.5)),s&&(r=ne.exec(t))&&"px"!==(r[3]||"px")&&(e.style[u]=t,t=k.css(e,u)),Ze(0,t,s)}}}),k.cssHooks.marginLeft=ze(y.reliableMarginLeft,function(e,t){if(t)return(parseFloat(_e(e,"marginLeft"))||e.getBoundingClientRect().left-ue(e,{marginLeft:0},function(){return e.getBoundingClientRect().left}))+"px"}),k.each({margin:"",padding:"",border:"Width"},function(i,o){k.cssHooks[i+o]={expand:function(e){for(var t=0,n={},r="string"==typeof e?e.split(" "):[e];t<4;t++)n[i+re[t]+o]=r[t]||r[t-2]||r[0];return n}},"margin"!==i&&(k.cssHooks[i+o].set=Ze)}),k.fn.extend({css:function(e,t){return _(this,function(e,t,n){var r,i,o={},a=0;if(Array.isArray(t)){for(r=Fe(e),i=t.length;a<i;a++)o[t[a]]=k.css(e,t[a],!1,r);return o}return void 0!==n?k.style(e,t,n):k.css(e,t)},e,t,1<arguments.length)}}),((k.Tween=nt).prototype={constructor:nt,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||k.easing._default,this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(k.cssNumber[n]?"":"px")},cur:function(){var e=nt.propHooks[this.prop];return e&&e.get?e.get(this):nt.propHooks._default.get(this)},run:function(e){var t,n=nt.propHooks[this.prop];return this.options.duration?this.pos=t=k.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):nt.propHooks._default.set(this),this}}).init.prototype=nt.prototype,(nt.propHooks={_default:{get:function(e){var t;return 
1!==e.elem.nodeType||null!=e.elem[e.prop]&&null==e.elem.style[e.prop]?e.elem[e.prop]:(t=k.css(e.elem,e.prop,""))&&"auto"!==t?t:0},set:function(e){k.fx.step[e.prop]?k.fx.step[e.prop](e):1!==e.elem.nodeType||!k.cssHooks[e.prop]&&null==e.elem.style[Ge(e.prop)]?e.elem[e.prop]=e.now:k.style(e.elem,e.prop,e.now+e.unit)}}}).scrollTop=nt.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},k.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2},_default:"swing"},k.fx=nt.prototype.init,k.fx.step={};var rt,it,ot,at,st=/^(?:toggle|show|hide)$/,ut=/queueHooks$/;function lt(){it&&(!1===E.hidden&&C.requestAnimationFrame?C.requestAnimationFrame(lt):C.setTimeout(lt,k.fx.interval),k.fx.tick())}function ct(){return C.setTimeout(function(){rt=void 0}),rt=Date.now()}function ft(e,t){var n,r=0,i={height:e};for(t=t?1:0;r<4;r+=2-t)i["margin"+(n=re[r])]=i["padding"+n]=e;return t&&(i.opacity=i.width=e),i}function pt(e,t,n){for(var r,i=(dt.tweeners[t]||[]).concat(dt.tweeners["*"]),o=0,a=i.length;o<a;o++)if(r=i[o].call(n,t,e))return r}function dt(o,e,t){var n,a,r=0,i=dt.prefilters.length,s=k.Deferred().always(function(){delete u.elem}),u=function(){if(a)return!1;for(var e=rt||ct(),t=Math.max(0,l.startTime+l.duration-e),n=1-(t/l.duration||0),r=0,i=l.tweens.length;r<i;r++)l.tweens[r].run(n);return s.notifyWith(o,[l,n,t]),n<1&&i?t:(i||s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l]),!1)},l=s.promise({elem:o,props:k.extend({},e),opts:k.extend(!0,{specialEasing:{},easing:k.easing._default},t),originalProperties:e,originalOptions:t,startTime:rt||ct(),duration:t.duration,tweens:[],createTween:function(e,t){var n=k.Tween(o,l.opts,e,t,l.opts.specialEasing[e]||l.opts.easing);return l.tweens.push(n),n},stop:function(e){var t=0,n=e?l.tweens.length:0;if(a)return this;for(a=!0;t<n;t++)l.tweens[t].run(1);return e?(s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l,e])):s.rejectWith(o,[l,e]),this}}),c=l.props;for(!function(e,t){var 
n,r,i,o,a;for(n in e)if(i=t[r=V(n)],o=e[n],Array.isArray(o)&&(i=o[1],o=e[n]=o[0]),n!==r&&(e[r]=o,delete e[n]),(a=k.cssHooks[r])&&"expand"in a)for(n in o=a.expand(o),delete e[r],o)n in e||(e[n]=o[n],t[n]=i);else t[r]=i}(c,l.opts.specialEasing);r<i;r++)if(n=dt.prefilters[r].call(l,o,c,l.opts))return m(n.stop)&&(k._queueHooks(l.elem,l.opts.queue).stop=n.stop.bind(n)),n;return k.map(c,pt,l),m(l.opts.start)&&l.opts.start.call(o,l),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always),k.fx.timer(k.extend(u,{elem:o,anim:l,queue:l.opts.queue})),l}k.Animation=k.extend(dt,{tweeners:{"*":[function(e,t){var n=this.createTween(e,t);return le(n.elem,e,ne.exec(t),n),n}]},tweener:function(e,t){m(e)?(t=e,e=["*"]):e=e.match(R);for(var n,r=0,i=e.length;r<i;r++)n=e[r],dt.tweeners[n]=dt.tweeners[n]||[],dt.tweeners[n].unshift(t)},prefilters:[function(e,t,n){var r,i,o,a,s,u,l,c,f="width"in t||"height"in t,p=this,d={},h=e.style,g=e.nodeType&&se(e),v=Q.get(e,"fxshow");for(r in n.queue||(null==(a=k._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued||s()}),a.unqueued++,p.always(function(){p.always(function(){a.unqueued--,k.queue(e,"fx").length||a.empty.fire()})})),t)if(i=t[r],st.test(i)){if(delete t[r],o=o||"toggle"===i,i===(g?"hide":"show")){if("show"!==i||!v||void 0===v[r])continue;g=!0}d[r]=v&&v[r]||k.style(e,r)}if((u=!k.isEmptyObject(t))||!k.isEmptyObject(d))for(r in 
f&&1===e.nodeType&&(n.overflow=[h.overflow,h.overflowX,h.overflowY],null==(l=v&&v.display)&&(l=Q.get(e,"display")),"none"===(c=k.css(e,"display"))&&(l?c=l:(fe([e],!0),l=e.style.display||l,c=k.css(e,"display"),fe([e]))),("inline"===c||"inline-block"===c&&null!=l)&&"none"===k.css(e,"float")&&(u||(p.done(function(){h.display=l}),null==l&&(c=h.display,l="none"===c?"":c)),h.display="inline-block")),n.overflow&&(h.overflow="hidden",p.always(function(){h.overflow=n.overflow[0],h.overflowX=n.overflow[1],h.overflowY=n.overflow[2]})),u=!1,d)u||(v?"hidden"in v&&(g=v.hidden):v=Q.access(e,"fxshow",{display:l}),o&&(v.hidden=!g),g&&fe([e],!0),p.done(function(){for(r in g||fe([e]),Q.remove(e,"fxshow"),d)k.style(e,r,d[r])})),u=pt(g?v[r]:0,r,p),r in v||(v[r]=u.start,g&&(u.end=u.start,u.start=0))}],prefilter:function(e,t){t?dt.prefilters.unshift(e):dt.prefilters.push(e)}}),k.speed=function(e,t,n){var r=e&&"object"==typeof e?k.extend({},e):{complete:n||!n&&t||m(e)&&e,duration:e,easing:n&&t||t&&!m(t)&&t};return k.fx.off?r.duration=0:"number"!=typeof r.duration&&(r.duration in k.fx.speeds?r.duration=k.fx.speeds[r.duration]:r.duration=k.fx.speeds._default),null!=r.queue&&!0!==r.queue||(r.queue="fx"),r.old=r.complete,r.complete=function(){m(r.old)&&r.old.call(this),r.queue&&k.dequeue(this,r.queue)},r},k.fn.extend({fadeTo:function(e,t,n,r){return this.filter(se).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(t,e,n,r){var i=k.isEmptyObject(t),o=k.speed(e,n,r),a=function(){var e=dt(this,k.extend({},t),o);(i||Q.get(this,"finish"))&&e.stop(!0)};return a.finish=a,i||!1===o.queue?this.each(a):this.queue(o.queue,a)},stop:function(i,e,o){var a=function(e){var t=e.stop;delete e.stop,t(o)};return"string"!=typeof i&&(o=e,e=i,i=void 0),e&&!1!==i&&this.queue(i||"fx",[]),this.each(function(){var e=!0,t=null!=i&&i+"queueHooks",n=k.timers,r=Q.get(this);if(t)r[t]&&r[t].stop&&a(r[t]);else for(t in 
r)r[t]&&r[t].stop&&ut.test(t)&&a(r[t]);for(t=n.length;t--;)n[t].elem!==this||null!=i&&n[t].queue!==i||(n[t].anim.stop(o),e=!1,n.splice(t,1));!e&&o||k.dequeue(this,i)})},finish:function(a){return!1!==a&&(a=a||"fx"),this.each(function(){var e,t=Q.get(this),n=t[a+"queue"],r=t[a+"queueHooks"],i=k.timers,o=n?n.length:0;for(t.finish=!0,k.queue(this,a,[]),r&&r.stop&&r.stop.call(this,!0),e=i.length;e--;)i[e].elem===this&&i[e].queue===a&&(i[e].anim.stop(!0),i.splice(e,1));for(e=0;e<o;e++)n[e]&&n[e].finish&&n[e].finish.call(this);delete t.finish})}}),k.each(["toggle","show","hide"],function(e,r){var i=k.fn[r];k.fn[r]=function(e,t,n){return null==e||"boolean"==typeof e?i.apply(this,arguments):this.animate(ft(r,!0),e,t,n)}}),k.each({slideDown:ft("show"),slideUp:ft("hide"),slideToggle:ft("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,r){k.fn[e]=function(e,t,n){return this.animate(r,e,t,n)}}),k.timers=[],k.fx.tick=function(){var e,t=0,n=k.timers;for(rt=Date.now();t<n.length;t++)(e=n[t])()||n[t]!==e||n.splice(t--,1);n.length||k.fx.stop(),rt=void 0},k.fx.timer=function(e){k.timers.push(e),k.fx.start()},k.fx.interval=13,k.fx.start=function(){it||(it=!0,lt())},k.fx.stop=function(){it=null},k.fx.speeds={slow:600,fast:200,_default:400},k.fn.delay=function(r,e){return r=k.fx&&k.fx.speeds[r]||r,e=e||"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},ot=E.createElement("input"),at=E.createElement("select").appendChild(E.createElement("option")),ot.type="checkbox",y.checkOn=""!==ot.value,y.optSelected=at.selected,(ot=E.createElement("input")).value="t",ot.type="radio",y.radioValue="t"===ot.value;var ht,gt=k.expr.attrHandle;k.fn.extend({attr:function(e,t){return _(this,k.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){k.removeAttr(this,e)})}}),k.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof 
e.getAttribute?k.prop(e,t,n):(1===o&&k.isXMLDoc(e)||(i=k.attrHooks[t.toLowerCase()]||(k.expr.match.bool.test(t)?ht:void 0)),void 0!==n?null===n?void k.removeAttr(e,t):i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:(e.setAttribute(t,n+""),n):i&&"get"in i&&null!==(r=i.get(e,t))?r:null==(r=k.find.attr(e,t))?void 0:r)},attrHooks:{type:{set:function(e,t){if(!y.radioValue&&"radio"===t&&A(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},removeAttr:function(e,t){var n,r=0,i=t&&t.match(R);if(i&&1===e.nodeType)while(n=i[r++])e.removeAttribute(n)}}),ht={set:function(e,t,n){return!1===t?k.removeAttr(e,n):e.setAttribute(n,n),n}},k.each(k.expr.match.bool.source.match(/\w+/g),function(e,t){var a=gt[t]||k.find.attr;gt[t]=function(e,t,n){var r,i,o=t.toLowerCase();return n||(i=gt[o],gt[o]=r,r=null!=a(e,t,n)?o:null,gt[o]=i),r}});var vt=/^(?:input|select|textarea|button)$/i,yt=/^(?:a|area)$/i;function mt(e){return(e.match(R)||[]).join(" ")}function xt(e){return e.getAttribute&&e.getAttribute("class")||""}function bt(e){return Array.isArray(e)?e:"string"==typeof e&&e.match(R)||[]}k.fn.extend({prop:function(e,t){return _(this,k.prop,e,t,1<arguments.length)},removeProp:function(e){return this.each(function(){delete this[k.propFix[e]||e]})}}),k.extend({prop:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return 1===o&&k.isXMLDoc(e)||(t=k.propFix[t]||t,i=k.propHooks[t]),void 0!==n?i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=k.find.attr(e,"tabindex");return t?parseInt(t,10):vt.test(e.nodeName)||yt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),y.optSelected||(k.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var 
t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),k.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){k.propFix[this.toLowerCase()]=this}),k.fn.extend({addClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){k(this).addClass(t.call(this,e,xt(this)))});if((e=bt(t)).length)while(n=this[u++])if(i=xt(n),r=1===n.nodeType&&" "+mt(i)+" "){a=0;while(o=e[a++])r.indexOf(" "+o+" ")<0&&(r+=o+" ");i!==(s=mt(r))&&n.setAttribute("class",s)}return this},removeClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){k(this).removeClass(t.call(this,e,xt(this)))});if(!arguments.length)return this.attr("class","");if((e=bt(t)).length)while(n=this[u++])if(i=xt(n),r=1===n.nodeType&&" "+mt(i)+" "){a=0;while(o=e[a++])while(-1<r.indexOf(" "+o+" "))r=r.replace(" "+o+" "," ");i!==(s=mt(r))&&n.setAttribute("class",s)}return this},toggleClass:function(i,t){var o=typeof i,a="string"===o||Array.isArray(i);return"boolean"==typeof t&&a?t?this.addClass(i):this.removeClass(i):m(i)?this.each(function(e){k(this).toggleClass(i.call(this,e,xt(this),t),t)}):this.each(function(){var e,t,n,r;if(a){t=0,n=k(this),r=bt(i);while(e=r[t++])n.hasClass(e)?n.removeClass(e):n.addClass(e)}else void 0!==i&&"boolean"!==o||((e=xt(this))&&Q.set(this,"__className__",e),this.setAttribute&&this.setAttribute("class",e||!1===i?"":Q.get(this,"__className__")||""))})},hasClass:function(e){var t,n,r=0;t=" "+e+" ";while(n=this[r++])if(1===n.nodeType&&-1<(" "+mt(xt(n))+" ").indexOf(t))return!0;return!1}});var wt=/\r/g;k.fn.extend({val:function(n){var r,e,i,t=this[0];return arguments.length?(i=m(n),this.each(function(e){var t;1===this.nodeType&&(null==(t=i?n.call(this,e,k(this).val()):n)?t="":"number"==typeof t?t+="":Array.isArray(t)&&(t=k.map(t,function(e){return null==e?"":e+""})),(r=k.valHooks[this.type]||k.valHooks[this.nodeName.toLowerCase()])&&"set"in r&&void 
0!==r.set(this,t,"value")||(this.value=t))})):t?(r=k.valHooks[t.type]||k.valHooks[t.nodeName.toLowerCase()])&&"get"in r&&void 0!==(e=r.get(t,"value"))?e:"string"==typeof(e=t.value)?e.replace(wt,""):null==e?"":e:void 0}}),k.extend({valHooks:{option:{get:function(e){var t=k.find.attr(e,"value");return null!=t?t:mt(k.text(e))}},select:{get:function(e){var t,n,r,i=e.options,o=e.selectedIndex,a="select-one"===e.type,s=a?null:[],u=a?o+1:i.length;for(r=o<0?u:a?o:0;r<u;r++)if(((n=i[r]).selected||r===o)&&!n.disabled&&(!n.parentNode.disabled||!A(n.parentNode,"optgroup"))){if(t=k(n).val(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=k.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=-1<k.inArray(k.valHooks.option.get(r),o))&&(n=!0);return n||(e.selectedIndex=-1),o}}}}),k.each(["radio","checkbox"],function(){k.valHooks[this]={set:function(e,t){if(Array.isArray(t))return e.checked=-1<k.inArray(k(e).val(),t)}},y.checkOn||(k.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})}),y.focusin="onfocusin"in C;var Tt=/^(?:focusinfocus|focusoutblur)$/,Ct=function(e){e.stopPropagation()};k.extend(k.event,{trigger:function(e,t,n,r){var i,o,a,s,u,l,c,f,p=[n||E],d=v.call(e,"type")?e.type:e,h=v.call(e,"namespace")?e.namespace.split("."):[];if(o=f=a=n=n||E,3!==n.nodeType&&8!==n.nodeType&&!Tt.test(d+k.event.triggered)&&(-1<d.indexOf(".")&&(d=(h=d.split(".")).shift(),h.sort()),u=d.indexOf(":")<0&&"on"+d,(e=e[k.expando]?e:new k.Event(d,"object"==typeof e&&e)).isTrigger=r?2:3,e.namespace=h.join("."),e.rnamespace=e.namespace?new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,e.result=void 
0,e.target||(e.target=n),t=null==t?[e]:k.makeArray(t,[e]),c=k.event.special[d]||{},r||!c.trigger||!1!==c.trigger.apply(n,t))){if(!r&&!c.noBubble&&!x(n)){for(s=c.delegateType||d,Tt.test(s+d)||(o=o.parentNode);o;o=o.parentNode)p.push(o),a=o;a===(n.ownerDocument||E)&&p.push(a.defaultView||a.parentWindow||C)}i=0;while((o=p[i++])&&!e.isPropagationStopped())f=o,e.type=1<i?s:c.bindType||d,(l=(Q.get(o,"events")||{})[e.type]&&Q.get(o,"handle"))&&l.apply(o,t),(l=u&&o[u])&&l.apply&&G(o)&&(e.result=l.apply(o,t),!1===e.result&&e.preventDefault());return e.type=d,r||e.isDefaultPrevented()||c._default&&!1!==c._default.apply(p.pop(),t)||!G(n)||u&&m(n[d])&&!x(n)&&((a=n[u])&&(n[u]=null),k.event.triggered=d,e.isPropagationStopped()&&f.addEventListener(d,Ct),n[d](),e.isPropagationStopped()&&f.removeEventListener(d,Ct),k.event.triggered=void 0,a&&(n[u]=a)),e.result}},simulate:function(e,t,n){var r=k.extend(new k.Event,n,{type:e,isSimulated:!0});k.event.trigger(r,null,t)}}),k.fn.extend({trigger:function(e,t){return this.each(function(){k.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];if(n)return k.event.trigger(e,t,n,!0)}}),y.focusin||k.each({focus:"focusin",blur:"focusout"},function(n,r){var i=function(e){k.event.simulate(r,e.target,k.event.fix(e))};k.event.special[r]={setup:function(){var e=this.ownerDocument||this,t=Q.access(e,r);t||e.addEventListener(n,i,!0),Q.access(e,r,(t||0)+1)},teardown:function(){var e=this.ownerDocument||this,t=Q.access(e,r)-1;t?Q.access(e,r,t):(e.removeEventListener(n,i,!0),Q.remove(e,r))}}});var Et=C.location,kt=Date.now(),St=/\?/;k.parseXML=function(e){var t;if(!e||"string"!=typeof e)return null;try{t=(new C.DOMParser).parseFromString(e,"text/xml")}catch(e){t=void 0}return t&&!t.getElementsByTagName("parsererror").length||k.error("Invalid XML: "+e),t};var Nt=/\[\]$/,At=/\r?\n/g,Dt=/^(?:submit|button|image|reset|file)$/i,jt=/^(?:input|select|textarea|keygen)/i;function qt(n,e,r,i){var 
t;if(Array.isArray(e))k.each(e,function(e,t){r||Nt.test(n)?i(n,t):qt(n+"["+("object"==typeof t&&null!=t?e:"")+"]",t,r,i)});else if(r||"object"!==w(e))i(n,e);else for(t in e)qt(n+"["+t+"]",e[t],r,i)}k.param=function(e,t){var n,r=[],i=function(e,t){var n=m(t)?t():t;r[r.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(null==e)return"";if(Array.isArray(e)||e.jquery&&!k.isPlainObject(e))k.each(e,function(){i(this.name,this.value)});else for(n in e)qt(n,e[n],t,i);return r.join("&")},k.fn.extend({serialize:function(){return k.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=k.prop(this,"elements");return e?k.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!k(this).is(":disabled")&&jt.test(this.nodeName)&&!Dt.test(e)&&(this.checked||!pe.test(e))}).map(function(e,t){var n=k(this).val();return null==n?null:Array.isArray(n)?k.map(n,function(e){return{name:t.name,value:e.replace(At,"\r\n")}}):{name:t.name,value:n.replace(At,"\r\n")}}).get()}});var Lt=/%20/g,Ht=/#.*$/,Ot=/([?&])_=[^&]*/,Pt=/^(.*?):[ \t]*([^\r\n]*)$/gm,Rt=/^(?:GET|HEAD)$/,Mt=/^\/\//,It={},Wt={},$t="*/".concat("*"),Ft=E.createElement("a");function Bt(o){return function(e,t){"string"!=typeof e&&(t=e,e="*");var n,r=0,i=e.toLowerCase().match(R)||[];if(m(t))while(n=i[r++])"+"===n[0]?(n=n.slice(1)||"*",(o[n]=o[n]||[]).unshift(t)):(o[n]=o[n]||[]).push(t)}}function _t(t,i,o,a){var s={},u=t===Wt;function l(e){var r;return s[e]=!0,k.each(t[e]||[],function(e,t){var n=t(i,o,a);return"string"!=typeof n||u||s[n]?u?!(r=n):void 0:(i.dataTypes.unshift(n),l(n),!1)}),r}return l(i.dataTypes[0])||!s["*"]&&l("*")}function zt(e,t){var n,r,i=k.ajaxSettings.flatOptions||{};for(n in t)void 0!==t[n]&&((i[n]?e:r||(r={}))[n]=t[n]);return 
r&&k.extend(!0,e,r),e}Ft.href=Et.href,k.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Et.href,type:"GET",isLocal:/^(?:about|app|app-storage|.+-extension|file|res|widget):$/.test(Et.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":$t,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":k.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?zt(zt(e,k.ajaxSettings),t):zt(k.ajaxSettings,e)},ajaxPrefilter:Bt(It),ajaxTransport:Bt(Wt),ajax:function(e,t){"object"==typeof e&&(t=e,e=void 0),t=t||{};var c,f,p,n,d,r,h,g,i,o,v=k.ajaxSetup({},t),y=v.context||v,m=v.context&&(y.nodeType||y.jquery)?k(y):k.event,x=k.Deferred(),b=k.Callbacks("once memory"),w=v.statusCode||{},a={},s={},u="canceled",T={readyState:0,getResponseHeader:function(e){var t;if(h){if(!n){n={};while(t=Pt.exec(p))n[t[1].toLowerCase()+" "]=(n[t[1].toLowerCase()+" "]||[]).concat(t[2])}t=n[e.toLowerCase()+" "]}return null==t?null:t.join(", ")},getAllResponseHeaders:function(){return h?p:null},setRequestHeader:function(e,t){return null==h&&(e=s[e.toLowerCase()]=s[e.toLowerCase()]||e,a[e]=t),this},overrideMimeType:function(e){return null==h&&(v.mimeType=e),this},statusCode:function(e){var t;if(e)if(h)T.always(e[T.status]);else for(t in e)w[t]=[w[t],e[t]];return this},abort:function(e){var t=e||u;return 
c&&c.abort(t),l(0,t),this}};if(x.promise(T),v.url=((e||v.url||Et.href)+"").replace(Mt,Et.protocol+"//"),v.type=t.method||t.type||v.method||v.type,v.dataTypes=(v.dataType||"*").toLowerCase().match(R)||[""],null==v.crossDomain){r=E.createElement("a");try{r.href=v.url,r.href=r.href,v.crossDomain=Ft.protocol+"//"+Ft.host!=r.protocol+"//"+r.host}catch(e){v.crossDomain=!0}}if(v.data&&v.processData&&"string"!=typeof v.data&&(v.data=k.param(v.data,v.traditional)),_t(It,v,t,T),h)return T;for(i in(g=k.event&&v.global)&&0==k.active++&&k.event.trigger("ajaxStart"),v.type=v.type.toUpperCase(),v.hasContent=!Rt.test(v.type),f=v.url.replace(Ht,""),v.hasContent?v.data&&v.processData&&0===(v.contentType||"").indexOf("application/x-www-form-urlencoded")&&(v.data=v.data.replace(Lt,"+")):(o=v.url.slice(f.length),v.data&&(v.processData||"string"==typeof v.data)&&(f+=(St.test(f)?"&":"?")+v.data,delete v.data),!1===v.cache&&(f=f.replace(Ot,"$1"),o=(St.test(f)?"&":"?")+"_="+kt+++o),v.url=f+o),v.ifModified&&(k.lastModified[f]&&T.setRequestHeader("If-Modified-Since",k.lastModified[f]),k.etag[f]&&T.setRequestHeader("If-None-Match",k.etag[f])),(v.data&&v.hasContent&&!1!==v.contentType||t.contentType)&&T.setRequestHeader("Content-Type",v.contentType),T.setRequestHeader("Accept",v.dataTypes[0]&&v.accepts[v.dataTypes[0]]?v.accepts[v.dataTypes[0]]+("*"!==v.dataTypes[0]?", "+$t+"; q=0.01":""):v.accepts["*"]),v.headers)T.setRequestHeader(i,v.headers[i]);if(v.beforeSend&&(!1===v.beforeSend.call(y,T,v)||h))return T.abort();if(u="abort",b.add(v.complete),T.done(v.success),T.fail(v.error),c=_t(Wt,v,t,T)){if(T.readyState=1,g&&m.trigger("ajaxSend",[T,v]),h)return T;v.async&&0<v.timeout&&(d=C.setTimeout(function(){T.abort("timeout")},v.timeout));try{h=!1,c.send(a,l)}catch(e){if(h)throw e;l(-1,e)}}else l(-1,"No Transport");function l(e,t,n,r){var i,o,a,s,u,l=t;h||(h=!0,d&&C.clearTimeout(d),c=void 0,p=r||"",T.readyState=0<e?4:0,i=200<=e&&e<300||304===e,n&&(s=function(e,t,n){var 
r,i,o,a,s=e.contents,u=e.dataTypes;while("*"===u[0])u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(i in s)if(s[i]&&s[i].test(r)){u.unshift(i);break}if(u[0]in n)o=u[0];else{for(i in n){if(!u[0]||e.converters[i+" "+u[0]]){o=i;break}a||(a=i)}o=o||a}if(o)return o!==u[0]&&u.unshift(o),n[o]}(v,T,n)),s=function(e,t,n,r){var i,o,a,s,u,l={},c=e.dataTypes.slice();if(c[1])for(a in e.converters)l[a.toLowerCase()]=e.converters[a];o=c.shift();while(o)if(e.responseFields[o]&&(n[e.responseFields[o]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=o,o=c.shift())if("*"===o)o=u;else if("*"!==u&&u!==o){if(!(a=l[u+" "+o]||l["* "+o]))for(i in l)if((s=i.split(" "))[1]===o&&(a=l[u+" "+s[0]]||l["* "+s[0]])){!0===a?a=l[i]:!0!==l[i]&&(o=s[0],c.unshift(s[1]));break}if(!0!==a)if(a&&e["throws"])t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+o}}}return{state:"success",data:t}}(v,s,T,i),i?(v.ifModified&&((u=T.getResponseHeader("Last-Modified"))&&(k.lastModified[f]=u),(u=T.getResponseHeader("etag"))&&(k.etag[f]=u)),204===e||"HEAD"===v.type?l="nocontent":304===e?l="notmodified":(l=s.state,o=s.data,i=!(a=s.error))):(a=l,!e&&l||(l="error",e<0&&(e=0))),T.status=e,T.statusText=(t||l)+"",i?x.resolveWith(y,[o,l,T]):x.rejectWith(y,[T,l,a]),T.statusCode(w),w=void 0,g&&m.trigger(i?"ajaxSuccess":"ajaxError",[T,v,i?o:a]),b.fireWith(y,[T,l]),g&&(m.trigger("ajaxComplete",[T,v]),--k.active||k.event.trigger("ajaxStop")))}return T},getJSON:function(e,t,n){return k.get(e,t,n,"json")},getScript:function(e,t){return k.get(e,void 0,t,"script")}}),k.each(["get","post"],function(e,i){k[i]=function(e,t,n,r){return m(t)&&(r=r||n,n=t,t=void 0),k.ajax(k.extend({url:e,type:i,dataType:r,data:t,success:n},k.isPlainObject(e)&&e))}}),k._evalUrl=function(e,t){return k.ajax({url:e,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,converters:{"text 
script":function(){}},dataFilter:function(e){k.globalEval(e,t)}})},k.fn.extend({wrapAll:function(e){var t;return this[0]&&(m(e)&&(e=e.call(this[0])),t=k(e,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstElementChild)e=e.firstElementChild;return e}).append(this)),this},wrapInner:function(n){return m(n)?this.each(function(e){k(this).wrapInner(n.call(this,e))}):this.each(function(){var e=k(this),t=e.contents();t.length?t.wrapAll(n):e.append(n)})},wrap:function(t){var n=m(t);return this.each(function(e){k(this).wrapAll(n?t.call(this,e):t)})},unwrap:function(e){return this.parent(e).not("body").each(function(){k(this).replaceWith(this.childNodes)}),this}}),k.expr.pseudos.hidden=function(e){return!k.expr.pseudos.visible(e)},k.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},k.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var Ut={0:200,1223:204},Xt=k.ajaxSettings.xhr();y.cors=!!Xt&&"withCredentials"in Xt,y.ajax=Xt=!!Xt,k.ajaxTransport(function(i){var o,a;if(y.cors||Xt&&!i.crossDomain)return{send:function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest"),e)r.setRequestHeader(n,e[n]);o=function(e){return function(){o&&(o=a=r.onload=r.onerror=r.onabort=r.ontimeout=r.onreadystatechange=null,"abort"===e?r.abort():"error"===e?"number"!=typeof r.status?t(0,"error"):t(r.status,r.statusText):t(Ut[r.status]||r.status,r.statusText,"text"!==(r.responseType||"text")||"string"!=typeof r.responseText?{binary:r.response}:{text:r.responseText},r.getAllResponseHeaders()))}},r.onload=o(),a=r.onerror=r.ontimeout=o("error"),void 
0!==r.onabort?r.onabort=a:r.onreadystatechange=function(){4===r.readyState&&C.setTimeout(function(){o&&a()})},o=o("abort");try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw e}},abort:function(){o&&o()}}}),k.ajaxPrefilter(function(e){e.crossDomain&&(e.contents.script=!1)}),k.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(e){return k.globalEval(e),e}}}),k.ajaxPrefilter("script",function(e){void 0===e.cache&&(e.cache=!1),e.crossDomain&&(e.type="GET")}),k.ajaxTransport("script",function(n){var r,i;if(n.crossDomain||n.scriptAttrs)return{send:function(e,t){r=k("<script>").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Vt,Gt=[],Yt=/(=)\?(?=&|$)|\?\?/;k.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Gt.pop()||k.expando+"_"+kt++;return this[e]=!0,e}}),k.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Yt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Yt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Yt,"$1"+r):!1!==e.jsonp&&(e.url+=(St.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||k.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?k(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Gt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Vt=E.implementation.createHTMLDocument("").body).innerHTML="<form></form><form></form>",2===Vt.childNodes.length),k.parseHTML=function(e,t,n){return"string"!=typeof 
e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=D.exec(e))?[t.createElement(i[1])]:(i=we([e],t,o),o&&o.length&&k(o).remove(),k.merge([],i.childNodes)));var r,i,o},k.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1<s&&(r=mt(e.slice(s)),e=e.slice(0,s)),m(t)?(n=t,t=void 0):t&&"object"==typeof t&&(i="POST"),0<a.length&&k.ajax({url:e,type:i||"GET",dataType:"html",data:t}).done(function(e){o=arguments,a.html(r?k("<div>").append(k.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},k.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){k.fn[t]=function(e){return this.on(t,e)}}),k.expr.pseudos.animated=function(t){return k.grep(k.timers,function(e){return t===e.elem}).length},k.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=k.css(e,"position"),c=k(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=k.css(e,"top"),u=k.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,k.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},k.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){k.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var 
e,t,n,r=this[0],i={top:0,left:0};if("fixed"===k.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===k.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=k(e).offset()).top+=k.css(e,"borderTopWidth",!0),i.left+=k.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-k.css(r,"marginTop",!0),left:t.left-i.left-k.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===k.css(e,"position"))e=e.offsetParent;return e||ie})}}),k.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;k.fn[t]=function(e){return _(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),k.each(["top","left"],function(e,n){k.cssHooks[n]=ze(y.pixelPosition,function(e,t){if(t)return t=_e(e,n),$e.test(t)?k(e).position()[n]+"px":t})}),k.each({Height:"height",Width:"width"},function(a,s){k.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){k.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return _(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?k.css(e,t,i):k.style(e,t,n,i)},s,n?e:void 0,n)}})}),k.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){k.fn[n]=function(e,t){return 0<arguments.length?this.on(n,null,e,t):this.trigger(n)}}),k.fn.extend({hover:function(e,t){return 
this.mouseenter(e).mouseleave(t||e)}}),k.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)}}),k.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),m(e))return r=s.call(arguments,2),(i=function(){return e.apply(t||this,r.concat(s.call(arguments)))}).guid=e.guid=e.guid||k.guid++,i},k.holdReady=function(e){e?k.readyWait++:k.ready(!0)},k.isArray=Array.isArray,k.parseJSON=JSON.parse,k.nodeName=A,k.isFunction=m,k.isWindow=x,k.camelCase=V,k.type=w,k.now=Date.now,k.isNumeric=function(e){var t=k.type(e);return("number"===t||"string"===t)&&!isNaN(e-parseFloat(e))},"function"==typeof define&&define.amd&&define("jquery",[],function(){return k});var Qt=C.jQuery,Jt=C.$;return k.noConflict=function(e){return C.$===k&&(C.$=Jt),e&&C.jQuery===k&&(C.jQuery=Qt),k},e||(C.jQuery=C.$=k),k});
</script>
<script type="text/javascript">
/*! jQuery Stupid Table Plugin by Joseph McCullough | https://github.com/joequery/Stupid-Table-Plugin/blob/master/LICENSE */
/*
 * Inlined, minified third-party plugin; the banner above carries no version, so
 * the upstream release cannot be identified from this file alone.
 *
 * What the code below does:
 *  - Registers $.fn.stupidtable(sortFns). Caller-supplied comparators are merged
 *    over the built-in "int", "float", "string" and "string-ins" comparators.
 *  - Binds a delegated click handler on the table's <th> cells. The comparator is
 *    chosen from the header's data-sort / data-sort-desc values; a header with
 *    neither is ignored.
 *  - Sort keys come from each cell's data-sort-value when present, otherwise from
 *    the cell's .text(). Rows are reordered by re-appending the existing <tr>
 *    nodes to <tbody>; no markup is built from cell contents.
 *  - Triggers "beforetablesort" and "aftertablesort" on the table with
 *    {column, direction}, and sets the "sorting-asc" / "sorting-desc" class on
 *    the clicked header.
 */
(function(e){e.fn.stupidtable=function(j){return this.each(function(){var d=e(this);j=j||{};j=e.extend({},{"int":function(b,a){return parseInt(b,10)-parseInt(a,10)},"float":function(b,a){return parseFloat(b)-parseFloat(a)},string:function(b,a){return b<a?-1:b>a?1:0},"string-ins":function(b,a){b=b.toLowerCase();a=a.toLowerCase();return b<a?-1:b>a?1:0}},j);d.on("click","th",function(){var b=d.children("tbody").children("tr"),a=e(this),k=0,n=e.fn.stupidtable.dir;d.find("th").slice(0,a.index()).each(function(){var a=e(this).attr("colspan")||1;k+=parseInt(a,10)});var m=a.data("sort-dir")===n.ASC?n.DESC:n.ASC,p=m==n.DESC?a.data("sort-desc")||a.data("sort")||null:a.data("sort")||null;null!==p&&(d.trigger("beforetablesort",{column:k,direction:m}),d.css("display"),setTimeout(function(){var l=[],c=j[p];b.each(function(a,b){var c=e(b).children().eq(k),d=c.data("sort-value"),c="undefined"!==typeof d?d:c.text();l.push(c)});var f=[],g=0;if(a.data("sort-dir")&&!a.data("sort-desc"))for(c=l.length-1;0<=c;c--)f.push(c);else for(var h=l.slice(0).sort(c),c=0;c<l.length;c++){for(g=e.inArray(l[c],h);-1!=e.inArray(g,f);)g++;f.push(g)}d.find("th").data("sort-dir",null).removeClass("sorting-desc sorting-asc");a.data("sort-dir",m).addClass("sorting-"+m);g=b.slice(0);for(h=c=0;h<f.length;h++)c=f[h],g[c]=b[h];f=e(g);d.children("tbody").append(f);d.trigger("aftertablesort",{column:k,direction:m});d.css("display")},10))})})};e.fn.stupidtable.dir={ASC:"asc",DESC:"desc"}})(jQuery);
</script>
<script type="text/javascript">
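// Wires up the report's collapsible section headers and the sortable summary
// table once the DOM is ready.
$(document).ready(function () {
    // Click on a header: slide the paired content panel open or closed and swap
    // the header's state classes. The panel id is "content" plus whatever follows
    // the first six characters of the header id (presumably "header<N>" pairs
    // with "content<N>" -- confirm against the markup).
    $(".expandable").click(function (event) {
        // Declared with var so the handler no longer writes a global "e".
        var evt = event || window.event;
        var target = evt.target || evt.srcElement;
        // Work on the clicked element itself and look the panel up by id, rather
        // than concatenating ids into selector strings: an empty id or an id that
        // contains selector metacharacters can then neither throw nor match a
        // different element.
        var header = $(target);
        var panel = $(document.getElementById("content" + target.id.slice(6)));
        panel.slideToggle("fast");

        // Exact class tests replace the earlier regex match on the raw class
        // attribute.
        if (header.hasClass("expandable")) {
            header.addClass("collapsed").removeClass("expandable");
        } else {
            header.addClass("expandable").removeClass("collapsed");
        }

        // "collaspablesubsection" is the spelling used by the stylesheet rule,
        // so it is kept as-is.
        if (header.hasClass("expandablesubsection")) {
            header.addClass("collaspablesubsection").removeClass("expandablesubsection");
        } else if (header.hasClass("collaspablesubsection")) {
            header.addClass("expandablesubsection").removeClass("collaspablesubsection");
        }
        // Returning false from a jQuery handler prevents the default action and
        // stops propagation.
        return false;
    });

    // Make the summary table sortable and show a direction arrow on the column
    // that was just sorted.
    var table = $("#summaryTable").stupidtable();
    table.on('aftertablesort', function (event, data) {
        var th = $(this).find('th');
        th.find(".arrow").remove();
        var arrow = data.direction === 'asc' ? '↑' : '↓';
        // Build the marker as an element and set its text, instead of
        // concatenating an HTML string.
        th.eq(data.column).append($('<span class="arrow"></span>').text(arrow));
    });
});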
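// Wiring for the suppression-snippet dialog: closing it, auto-closing after a
// copy/cut or Escape, and wrapping the snippet in a full <suppressions> document.
$(function () {
    // Shows or hides the dialog together with its backdrop.
    function toggleModal() {
        $('#modal-content,#modal-background').toggleClass('active');
    }

    $('#modal-background, #modal-close').click(function () {
        toggleModal();
    });

    // Close shortly after the user copies or cuts the snippet. The timers take a
    // function rather than a source string: a string argument is compiled like
    // eval() and is rejected under a Content-Security-Policy without
    // 'unsafe-eval'.
    $('#modal-text').on('copy cut', function () {
        setTimeout(toggleModal, 100);
    });

    // Escape (keyCode 27) closes the dialog as well.
    $('#modal-text').keyup(function (e) {
        if (e.keyCode === 27) {
            setTimeout(toggleModal, 100);
        }
    });

    // Wrap the current snippet in an XML prolog and <suppressions> root so it can
    // be saved as a standalone suppression file, then re-select it for copying.
    $('#modal-add-header').click(function () {
        // Local variable; the original assigned an implicit global "xml".
        var xml = '<?xml version="1.0" encoding="UTF-8"?>\n<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">\n ';
        xml += $("#modal-text").text().replace(/\n/g,'\n ');
        xml += '\n</suppressions>';
        $('#modal-add-header').toggleClass('active');
        $('#modal-text').text(xml).focus().select();
    });
});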
/**
 * Switches the suppression snippet between its two match forms and rebuilds it.
 *
 * Flips the "active" class on both "change to" buttons, makes sure the
 * add-header button is active, then regenerates the snippet from the values
 * held in the #suppress-* fields.
 *
 * @param {string} switchTo match type to switch to; it is also the suffix of the
 *        #suppress-<switchTo> field that is read (presumably 'sha1' or
 *        'packageUrl' -- confirm against the callers).
 */
function suppressSwitchTo(switchTo) {
    var addHeader = $('#modal-add-header');

    $('#modal-suppress-change-to-sha1').toggleClass('active');
    $('#modal-suppress-change-to-packageUrl').toggleClass('active');

    // Equivalent to toggling only when the class is missing.
    addHeader.addClass('active');

    var fileName = $('#suppress-name').val();
    var matchValue = $('#suppress-' + switchTo).val();
    var suppressType = $('#suppress-type').val();
    var suppressVal = $('#suppress-val').val();
    setCopyText(fileName, switchTo, matchValue, suppressType, suppressVal);
}
/**
 * Opens the suppression dialog for one finding.
 *
 * Stores the finding's details in the #suppress-* fields, sets the state of the
 * two "change to" buttons, and generates the snippet: matched by package URL
 * when one is supplied, otherwise by SHA-1.
 *
 * @param {string} name       file name of the dependency
 * @param {string} sha1       SHA-1 of the dependency
 * @param {string} packageUrl package URL, or '' when none is available
 * @param {string} type       suppression element name
 * @param {string} val        value to suppress
 */
function copyText(name, sha1, packageUrl, type, val) {
    var toPackageUrl = $('#modal-suppress-change-to-packageUrl');
    var toSha1 = $('#modal-suppress-change-to-sha1');

    $('#suppress-name').val(name);
    $('#suppress-type').val(type);
    $('#suppress-val').val(val);
    $('#suppress-sha1').val(sha1);
    $('#suppress-packageUrl').val(packageUrl);

    // The "change to packageUrl" button ends up inactive in either case.
    toPackageUrl.removeClass('active');

    // Loose comparison kept on purpose so the branch taken matches the original.
    if (packageUrl == '') {
        // No package URL: no switching is offered and the match is by SHA-1.
        toSha1.removeClass('active');
        setCopyText(name, 'sha1', sha1, type, val);
        return;
    }

    // Package URL available: match by it and offer the switch to SHA-1.
    toSha1.addClass('active');
    setCopyText(name, 'packageUrl', packageUrl, type, val);
}
/**
 * Backslash-escapes regular-expression metacharacters in a string so that it is
 * matched literally when embedded in a pattern.
 *
 * Escaped: - [ ] { } ( ) * + ? . , \ ^ $ | # and any whitespace character.
 *
 * @param {string} text literal text
 * @returns {string} the text with each listed character preceded by a backslash
 */
function escapeRegExp(text) {
    var metaChars = /[-[\]{}()*+?.,\\^$|#\s]/g;
    return text.replace(metaChars, function (ch) {
        return '\\' + ch;
    });
}
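/**
 * Builds a <suppress> XML snippet for one finding and shows it, selected, in the
 * dialog's text field.
 *
 * The file name and the match/suppress values describe the scanned artifact, so
 * they are treated as untrusted text: element content is XML-escaped and the
 * CDATA terminator is neutralised in the notes. Without that, a value containing
 * markup would give a malformed or structurally different suppression entry once
 * pasted into a suppression file.
 *
 * @param {string} name         file name recorded in <notes>
 * @param {string} matchType    element identifying the dependency ('packageUrl'
 *                              gets regex handling; anything else is emitted as-is)
 * @param {string} matchValue   value for the matchType element
 * @param {string} suppressType element naming what is suppressed ('cpe' is
 *                              shortened to its vendor:product prefix)
 * @param {string} suppressVal  value for the suppressType element
 */
function setCopyText(name, matchType, matchValue, suppressType, suppressVal) {
    // Escapes the characters that are markup inside XML element content.
    function escapeXml(value) {
        return String(value)
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;');
    }

    // Splits any CDATA terminator across two CDATA sections so the text cannot
    // end the <notes> section early. The literals are written in pieces, as
    // elsewhere in this function, so the terminator never appears verbatim in
    // the script.
    function cdataSafe(value) {
        return String(value).replace(/\]\]\>/g, ']]]]' + '><!' + '[CDATA[>');
    }

    // Locals; the original assigned implicit globals "xml" and "v".
    var v;
    var xml = '<suppress>\n';
    xml += ' <notes><!'+'[CDATA[\n file name: ' + cdataSafe(name) + '\n ]]'+'></notes>\n';

    // NOTE(review): matchType and suppressType are used as element names and are
    // presumably fixed identifiers supplied by the report template -- confirm.
    if (matchType=='packageUrl') {
        // Match every version: keep the part before '@' and turn it into an
        // anchored regex. Regex-escape first, then XML-escape the result.
        v = matchValue.match(/^[^@]+/);
        if (v && v[0]) {
            xml += ' <'+matchType+' regex="true">^' + escapeXml(escapeRegExp(v[0])) + '@.*$</'+matchType+'>\n';
        } else {
            xml += ' <'+matchType+'>' + escapeXml(matchValue) + '</'+matchType+'>\n';
        }
    } else {
        xml += ' <'+matchType+'>' + escapeXml(matchValue) + '</'+matchType+'>\n';
    }

    if (suppressType=='cpe') {
        // Reduce a CPE to "cpe:/a:<vendor>:<product>" when it has that shape.
        v = suppressVal.match(/^cpe:\/a:[^:]+:[^:]+/);
        if (v && v[0]) {
            xml += ' <'+suppressType+'>' + escapeXml(v[0]) + '</'+suppressType+'>\n';
        } else {
            xml += ' <'+suppressType+'>' + escapeXml(suppressVal) + '</'+suppressType+'>\n';
        }
    } else {
        xml += ' <'+suppressType+'>' + escapeXml(suppressVal) + '</'+suppressType+'>\n';
    }
    xml += '</suppress>';

    // .text() inserts the snippet as plain text, so it is never parsed as HTML.
    $('#modal-text').text(xml);
    $('#modal-content,#modal-background,#modal-add-header').addClass('active');
    $('#modal-text').focus();
    $('#modal-text').select();
}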
/**
 * Toggles the visibility of the elements matched by a selector and flips the
 * label of the control that triggered it.
 *
 * @param {Element} el      control whose label is switched
 * @param {string}  clzName jQuery selector for the elements to show or hide
 * @param {string}  all     one of the two labels
 * @param {string}  some    the other label
 * @returns {boolean} always false
 */
function toggleDisplay(el, clzName, all, some) {
    $(clzName).toggle();
    // NOTE(review): the label is compared and assigned through innerHTML, so it
    // is parsed as markup; presumably callers pass fixed literals -- confirm.
    el.innerHTML = (el.innerHTML == all) ? some : all;
    return false;
}
</script>
<style type="text/css">
/* Backdrop behind the suppression dialog: covers the whole viewport at 50%
   opacity and stays hidden until the "active" class is added. */
#modal-background {
display: none;
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
background-color: white;
opacity: .50;
-webkit-opacity: .5;
-moz-opacity: .5;
filter: alpha(opacity=50);
z-index: 1000;
}
/* The dialog box: fixed at 50%/50% and pulled back by negative top/left margins;
   hidden until the "active" class is added. */
#modal-content {
background-color: white;
border-radius: 10px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
box-shadow: 0 0 20px 0 #222;
-webkit-box-shadow: 0 0 20px 0 #222;
-moz-box-shadow: 0 0 20px 0 #222;
display: none;
height: 240px;
left: 50%;
margin: -120px 0 0 -160px;
padding: 10px;
position: fixed;
top: 50%;
z-index: 1000;
}
/* Add-header control: shown only while it carries "active". */
#modal-add-header {
display: none;
}
#modal-add-header.active {
display: block;
}
/* Shared "shown" state for the backdrop and the dialog. */
#modal-background.active, #modal-content.active {
display: block;
}
/* Snippet text field: no border and no scrollbars. */
#modal-text {
border: 0;
overflow: hidden
}
/* Removes the focus outline from the snippet field; no replacement focus
   indicator is defined in this rule. */
#modal-text:focus {
outline: none;
}
/* Elements with class "suppresstype" are shown only while they carry "active". */
.suppresstype {
display: none;
}
.suppresstype.active {
display: block;
}
/* Label styled like the buttons below, but with the default cursor. */
.suppressedLabel {
cursor: default;
padding:1px;
background-color: #eeeeee;
border: 1px solid #555555;
color:#555555;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
/* Small grey button; the :hover rule repeats every declaration with a darker
   background, border and text colour. */
.copybutton {
padding:1px;
background-color: #eeeeee;
border: 1px solid #555555;
color:#555555;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
.copybutton:hover {
padding:1px;
background-color: #dddddd;
border: 1px solid #444444;
color:#444444;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
/* Dialog button floated to the left, with its hover state. */
.modal-button {
padding:1px;
float:left;
background-color: #eeeeee;
border: 1px solid #555555;
color:#555555;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
.modal-button:hover {
padding:1px;
float:left;
background-color: #dddddd;
border: 1px solid #333333;
color:#333333;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
/* Same as .modal-button, but floated to the right. */
.modal-button-right {
padding:1px;
float:right;
background-color: #eeeeee;
border: 1px solid #555555;
color:#555555;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
.modal-button-right:hover {
padding:1px;
float:right;
background-color: #dddddd;
border: 1px solid #333333;
color:#333333;
text-decoration:none;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
-khtml-border-radius: 3px;
-o-border-radius: 3px;
border-radius: 3px;
}
/* Generic 20px rounding helper. */
.rounded-corners {
  -moz-border-radius: 20px;
  -webkit-border-radius: 20px;
  -khtml-border-radius: 20px;
  -o-border-radius: 20px;
  border-radius: 20px;
}
/* Utility class that removes an element from the layout. */
.hidden {
  display: none;
}
/* Clickable section headers: pointer cursor plus a small inline GIF marker near the right edge. */
.expandable,
.collapsed {
  cursor: pointer;
  background-repeat: no-repeat;
  background-position: 98% 50%;
}
/* Each state embeds its own marker image as a data URI, so no extra request is made. */
.expandable {
  background-image: url(data:image/gif;base64,R0lGODlhDAAMAIABAICAgP///yH5BAEAAAEALAAAAAAMAAwAAAIcjI8Hy22Q1FNwhnpxhW3d2XFWJn2PNiZbyERuAQA7);
}
.collapsed {
  background-image: url(data:image/gif;base64,R0lGODlhDAAMAIABAICAgP///yH5BAEAAAEALAAAAAAMAAwAAAIajI8Hy22Q1IszQHphW3ZuXUUZ1ZXi8zFkUgAAOw==);
}
/* Subsection header variant with a rounded bottom-left corner and a grey bottom rule. */
.expandablesubsection {
  -moz-border-radius-bottomleft: 15px;
  -webkit-border-bottom-left-radius: 15px;
  border-bottom-left-radius: 15px;
  border-bottom: 1px solid #ccc;
}
/* Square bottom-left corner and no bottom rule.
   The spelling "collaspablesubsection" is kept as-is; presumably markup or script elsewhere uses it. */
.collaspablesubsection,
.standardsubsection {
  -moz-border-radius-bottomleft: 0;
  -webkit-border-bottom-left-radius: 0;
  border-bottom-left-radius: 0;
  border-bottom: 0 solid #fff;
}
/* White content panel: no top margin, 20px on the other three sides, 20px inner padding. */
.content {
  margin: 0 20px 20px;
  background: #ffffff;
  padding: 20px;
}
/* Grey header bar of a top-level section: bordered on top and sides, open at the bottom,
   with only the top-left corner rounded (a uniform 15px radius was previously disabled here). */
.sectionheader {
  background-color: #ccc;
  margin: 20px 20px 0;
  padding: 10px 20px;
  border-top: 1px solid #ccc;
  border-right: 1px solid #ccc;
  border-left: 1px solid #ccc;
  border-bottom: 0px;
  /* Firefox per-corner radius properties */
  -moz-border-radius-topleft: 15px;
  -moz-border-radius-topright: 0px;
  -moz-border-radius-bottomleft: 0px;
  -moz-border-radius-bottomright: 0px;
  /* WebKit per-corner radius properties */
  -webkit-border-top-left-radius: 15px;
  -webkit-border-top-right-radius: 0px;
  -webkit-border-bottom-left-radius: 0px;
  -webkit-border-bottom-right-radius: 0px;
  /* standard properties (IE9+): top-left, top-right, bottom-right, bottom-left */
  border-radius: 15px 0px 0px 0px;
}
/* White body of a top-level section: sits directly under its header (no top margin or
   top border) and rounds both bottom corners. */
.sectioncontent {
  margin: 0 20px 10px;
  background: #ffffff;
  padding: 10px 20px 20px;
  border-top: 0px;
  border-right: 1px solid #ccc;
  border-left: 1px solid #ccc;
  border-bottom: 1px solid #ccc;
  /* Firefox per-corner radius properties */
  -moz-border-radius-topleft: 0px;
  -moz-border-radius-topright: 0px;
  -moz-border-radius-bottomright: 15px;
  -moz-border-radius-bottomleft: 15px;
  /* WebKit per-corner radius properties */
  -webkit-border-top-left-radius: 0px;
  -webkit-border-top-right-radius: 0px;
  -webkit-border-bottom-right-radius: 15px;
  -webkit-border-bottom-left-radius: 15px;
  /* standard properties (IE9+): top-left, top-right, bottom-right, bottom-left */
  border-radius: 0px 0px 15px 15px;
}
/* Grey header bar of a nested subsection: flush with the left edge, bordered on top and sides.
   The bottom border and bottom-left radius are not set in this rule. */
.subsectionheader {
  background-color: #ccc;
  margin: 20px 20px 0 0;
  padding: 10px 20px;
  border-top: 1px solid #ccc;
  border-right: 1px solid #ccc;
  border-left: 1px solid #ccc;
  /* Firefox per-corner radius properties */
  -moz-border-radius-topleft: 15px;
  -moz-border-radius-topright: 0px;
  -moz-border-radius-bottomright: 0px;
  /* WebKit per-corner radius properties */
  -webkit-border-top-left-radius: 15px;
  -webkit-border-top-right-radius: 0px;
  -webkit-border-bottom-right-radius: 0px;
  /* standard properties (IE9+) */
  border-top-left-radius: 15px;
  border-top-right-radius: 0px;
  border-bottom-right-radius: 0px;
}
/* White body of a nested subsection: flush left, no top margin or top border,
   both bottom corners rounded. */
.subsectioncontent {
  margin: 0 20px 10px 0;
  background: #ffffff;
  padding: 10px 20px 20px;
  border-top: 0px;
  border-right: 1px solid #ccc;
  border-left: 1px solid #ccc;
  border-bottom: 1px solid #ccc;
  /* Firefox per-corner radius properties */
  -moz-border-radius-topleft: 0px;
  -moz-border-radius-topright: 0px;
  -moz-border-radius-bottomleft: 15px;
  -moz-border-radius-bottomright: 15px;
  /* WebKit per-corner radius properties */
  -webkit-border-top-left-radius: 0px;
  -webkit-border-top-right-radius: 0px;
  -webkit-border-bottom-left-radius: 15px;
  -webkit-border-bottom-right-radius: 15px;
  /* standard properties (IE9+): top-left, top-right, bottom-right, bottom-left */
  border-radius: 0px 0px 15px 15px;
}
/* Background colour helpers. */
.white {
  background-color: #fff;
}
.red {
  background-color: #df0101;
}
/* Alignment and indentation helpers. */
.left {
  text-align: left;
}
.indent {
  margin-left: 20px;
}
/* Data cells: aligned to the top of the text, 6px padding. */
td {
  vertical-align: text-top;
  padding: 6px;
  margin: 0px;
}
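/* Header cells: left-aligned, aligned to the top of the text, same padding as td. */
th {
  /* The terminating semicolon was missing here, so the parser discarded both this
     declaration and the vertical-align that follows it. */
  text-align: left;
  vertical-align: text-top;
  padding: 6px;
  margin: 0px;
  /* NOTE(review): border-bottom gives a width only; with no border-style set in this rule
     no line is drawn. Confirm whether a visible rule under the header was intended. */
  border-bottom: 1px;
  border-color: black;
}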
/* Tables carry no outer border; "lined" tables shade every even row. */
table {
  border: 0px;
}
table.lined tr:nth-child(even) {
  background-color: #f3f3f3;
}
.fullwidth {
  width: 100%;
}
/* Base typography for the report. */
body {
  font: 13px "Droid Sans", Arial, "Helvetica Neue", "Lucida Grande", sans-serif;
}
/* Tighter vertical spacing around lists. */
ul {
  margin-top: 3px;
  margin-bottom: 3px;
}
/* Rows for dependencies with findings are always shown. */
.vulnerable {
  color: #000;
}
/* Rows without findings start hidden, so a collapsed summary is not the full inventory
   of scanned dependencies. This also repeats the earlier .hidden utility rule. */
.notvulnerable,
.hidden {
  display: none;
}
/* Help link floated to the right; identical in normal and hover state. */
.infolink,
.infolink:hover {
  text-decoration: none;
  color: blue;
  float: right;
}
/* Small grey legal text. */
.disclaimer {
  color: #888;
  font: 9px "Droid Sans", Arial, "Helvetica Neue", "Lucida Grande", sans-serif;
}
/* Sortable column headers: pointer cursor, underlined on hover. */
.sortable {
  cursor: pointer;
}
.sortable:hover {
  text-decoration: underline;
}
/* Preformatted text wraps and uses the body font instead of a monospace face. */
pre {
  white-space: pre-wrap;
  font: 13px "Droid Sans", Arial, "Helvetica Neue", "Lucida Grande", sans-serif;
}
.underline {
  text-decoration: underline;
}
</style>
</head>
<body>
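<!-- Suppression helper dialog: a backdrop plus a panel whose read-only text area holds the XML to copy.
     A suppression entry removes the finding from reports that use the suppression file, so create one
     only for a confirmed false positive and keep it as narrow as possible. -->
<div id="modal-background"></div>
<div id="modal-content">
<div>Press CTRL-C to copy XML <a href="https://jeremylong.github.io/DependencyCheck/general/suppression.html" class="infolink" target="_blank" rel="noopener noreferrer" title="Help with suppressing false positives">[help]</a></div>
<button type="button" onclick="suppressSwitchTo('packageUrl')" id="modal-suppress-change-to-packageUrl" class="modal-button suppresstype" title="Suppress by Maven Group Artifact Version">Suppress By GAV</button>
<button type="button" onclick="suppressSwitchTo('sha1')" id="modal-suppress-change-to-sha1" class="modal-button suppresstype" title="Suppress by SHA1 hash">Suppress By SHA1</button><br/>
<input type="hidden" id="suppress-name"/>
<input type="hidden" id="suppress-type"/><input type="hidden" id="suppress-val"/>
<input type="hidden" id="suppress-sha1"/><input type="hidden" id="suppress-packageUrl"/>
<textarea id="modal-text" cols="50" rows="10" readonly></textarea><br/>
<button type="button" id="modal-add-header" title="Add the parent XML nodes to create the complete XML file that can be used to suppress this finding" class="modal-button">Complete XML Doc</button><button type="button" id="modal-close" class="modal-button-right">Close</button>
</div>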
<div class="wrapper">
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" version="1.1" x="0" y="0" width="459.5" height="150" viewBox="0 0 459.5 150" enable-background="new 0 0 595.28 841.89" xml:space="preserve"><g transform="translate(-79.10464,-172.551)"><path d="m246.1 274.3c-2.6 0-5.3-0.2-6.6-0.5-0.6-0.1-0.9-0.4-0.9-1.1l0-20.4c0-0.7 0.3-1 0.9-1.1 1.3-0.2 4-0.5 6.6-0.5 6.1 0 9.8 3.2 9.8 9.7l0 4c0 6.5-3.7 9.7-9.8 9.7zm4.6-13.7c0-4.2-1.8-5.3-4.6-5.3-0.8 0-1.8 0-2.2 0.1l0 14.4c0.4 0 1.4 0.1 2.2 0.1 2.8 0 4.6-1.1 4.6-5.3l0-4zM273 273.9 273 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM285.2 266c-0.7 0-1.7-0.1-2.5-0.1l0 7.5c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.2-0.6-0.6l0-20.7c0-1 0.4-1.3 1.4-1.5 1.6-0.2 4-0.4 6.3-0.4 4.7 0 9.2 1.6 9.2 7.4l0 0.3c0 5.8-4.6 7.5-9.2 7.5zm3.9-7.7c0-2.2-1.4-3-3.9-3-0.4 0-2.1 0.1-2.5 0.1l0 6.3c0.3 0 2.2 0.1 2.5 0.1 2.7 0 3.9-1 3.9-3.1l0-0.3zM311 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM332.4 274l-3 0c-0.6 0-1.1-0.1-1.6-1l-7-12.1c-0.1-0.2-0.2-0.2-0.3-0.2-0.1 0-0.2 0.1-0.2 0.2l0 12.5c0 0.3-0.3 0.6-0.6 0.6l-3.6 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.1c0-0.6 0.5-1.2 1.2-1.2l3.1 0c0.6 0 0.9 0.3 1.3 1l7.3 12.7c0.1 0.2 0.2 0.2 0.2 0.2 0.1 0 0.2-0.1 0.2-0.3l0-13c0-0.3 0.3-0.6 0.6-0.6l3.6 0c0.3 0 0.6 0.2 0.6 0.6l0 21.1c0 0.6-0.6 1.2-1.2 1.2zM345.4 274.3c-2.6 0-5.3-0.2-6.6-0.5-0.6-0.1-0.9-0.4-0.9-1.1l0-20.4c0-0.7 0.3-1 0.9-1.1 1.3-0.2 4-0.5 6.6-0.5 6.1 0 9.8 3.2 9.8 9.7l0 4c0 6.5-3.7 9.7-9.8 
9.7zm4.6-13.7c0-4.2-1.8-5.3-4.6-5.3-0.8 0-1.8 0-2.2 0.1l0 14.4c0.4 0 1.4 0.1 2.2 0.1 2.8 0 4.6-1.1 4.6-5.3l0-4zM372.3 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM393.7 274l-3 0c-0.6 0-1.1-0.1-1.6-1l-7-12.1c-0.1-0.2-0.2-0.2-0.3-0.2-0.1 0-0.2 0.1-0.2 0.2l0 12.5c0 0.3-0.3 0.6-0.6 0.6l-3.6 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.1c0-0.6 0.5-1.2 1.2-1.2l3.1 0c0.6 0 0.9 0.3 1.3 1l7.3 12.7c0.1 0.2 0.2 0.2 0.2 0.2 0.1 0 0.2-0.1 0.2-0.3l0-13c0-0.3 0.3-0.6 0.6-0.6l3.6 0c0.3 0 0.6 0.2 0.6 0.6l0 21.1c0 0.6-0.6 1.2-1.2 1.2zM412.4 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM433.6 251.8l-4.7 10.7c-0.6 1.4-1.3 2.1-2 2.4l0 8.6c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-8.6c-0.7-0.3-1.4-1-2-2.4l-4.7-10.7c0-0.1 0-0.2 0-0.2 0-0.2 0.2-0.5 0.5-0.5l4.4 0c0.3 0 0.5 0.2 0.6 0.5l3.3 8.7c0.2 0.4 0.2 0.5 0.5 0.5 0.2 0 0.3-0.1 0.5-0.5l3.3-8.7c0.1-0.3 0.3-0.5 0.6-0.5l4.4 0c0.3 0 0.5 0.2 0.5 0.5 0 0.1 0 0.2 0 0.2zM442 266.5l-6 0c-0.3 0-0.6-0.2-0.6-0.6l0-2.5c0-0.3 0.3-0.6 0.6-0.6l6 0c0.3 0 0.6 0.2 0.6 0.6l0 2.5c0 0.3-0.3 0.6-0.6 0.6z" style="fill:#231f20;opacity:0.5"/><path d="m459 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM480.6 274l-4 0M480.6 274l-4 0c-0.3 
0-0.6-0.3-0.6-0.6l0-8.9-7.6 0 0 8.9c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.7c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 8.2 7.6 0 0-8.2c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 21.7c0 0.3-0.3 0.6-0.6 0.6zM498.9 273.9c-1.1 0.2-2.6 0.4-6 0.4-4 0-7.5-1-7.5-6.6l0-10.2c0-5.6 3.5-6.6 7.5-6.6 3.3 0 4.9 0.2 5.9 0.4 0.4 0.1 0.6 0.2 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-6.3 0c-1.4 0-2 0.5-2 2.1l0 2.8 8 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.3-0.3 0.6-0.6 0.6l-8 0 0 3.3c0 1.6 0.5 2.1 2 2.1l6.3 0c0.3 0 0.6 0.3 0.6 0.6l0 2.9c0 0.4-0.2 0.6-0.6 0.6zM516.6 273.8c-0.6 0.2-2.4 0.5-4.6 0.5-4.7 0-9.1-2.5-9.1-9.8l0-3.9c0-7.3 4.4-9.8 9.1-9.8 2.2 0 3.9 0.3 4.6 0.5 0.4 0.1 0.7 0.2 0.7 0.7l0 3c0 0.4-0.2 0.6-0.6 0.6 0 0-0.1 0-0.1 0-1.2-0.1-2.9-0.2-4.6-0.2-2.1 0-3.8 1.1-3.8 5.2l0 3.9c0 4.1 1.7 5.2 3.8 5.2 1.7 0 3.4-0.2 4.6-0.2 0 0 0.1 0 0.1 0 0.4 0 0.6 0.2 0.6 0.6l0 3c0 0.4-0.2 0.6-0.7 0.7zM538.5 251.9l-7.3 10.4 7.4 11.1c0.1 0.1 0.1 0.2 0.1 0.3 0 0.2-0.2 0.3-0.4 0.3l-5.3 0c-0.4 0-0.5-0.2-0.7-0.4l-6.3-10.2 0 10c0 0.3-0.3 0.6-0.6 0.6l-4 0c-0.3 0-0.6-0.3-0.6-0.6l0-21.7c0-0.3 0.3-0.6 0.6-0.6l4 0c0.3 0 0.6 0.2 0.6 0.6l0 9.8 6.8-10c0.2-0.2 0.3-0.4 0.7-0.4l4.7 0c0.3 0 0.5 0.2 0.5 0.3 0 0.1-0.1 0.3-0.2 0.4z" fill="#f78d0a"/><path d="m151.6 187.1 0-14.6c-36.7 5.4-65.9 33.9-72.2 70.4l14.7 0C100 214.5 122.8 192.2 151.6 187.1Z" style="fill:#231f20;opacity:0.5"/><path d="m151.6 200.4 0-13.3c-28.7 5.1-51.6 27.3-57.5 55.8l13.3 0c5.5-21.2 22.6-37.8 44.2-42.5z" style="fill:#231f20;opacity:0.3"/><path d="m193 237-10.9 10.9c0.3 0.6 0.7 1.2 1 1.9 1 2.5 1.5 5.3 1.5 8.2l0 0.2c0 3-0.5 5.8-1.5 8.2-1 2.5-2.4 4.6-4.2 6.4-1.8 1.8-3.9 3.2-6.4 4.2-2.5 1-5.3 1.5-8.3 1.5l-11.5 0 0-1-14.4 14.4 25.9 0c5.3 0 10.1-0.9 14.6-2.6 4.4-1.7 8.2-4.1 11.4-7.2 3.2-3 5.7-6.6 7.4-10.7 1.7-4.1 2.6-8.6 2.6-13.3l0-0.2c0-4.8-0.9-9.2-2.6-13.3-1.2-2.7-2.7-5.2-4.5-7.5z" fill="#f78d0a"/><path d="m152.7 237.6 11.5 0c3 0 5.8 0.5 8.3 1.5 2.5 1 4.7 2.4 6.4 4.2 1.3 1.3 2.3 2.9 3.2 
4.6l10.9-10.9c-0.9-1.1-1.8-2.2-2.9-3.2-3.2-3-7-5.4-11.4-7.1-4.4-1.7-9.3-2.6-14.6-2.6l-26.4 0 0 67.7 0.5 0 14.4-14.4 0-39.8z" style="fill:#f78d0a;opacity:0.7"/><path d="m179.5 187.7 0 13.4c11.9 3.2 22.3 10.1 29.9 19.4l9.2-9.3c-10-11.7-23.6-20.1-39.2-23.5z" style="fill:#231f20;opacity:0.3"/><path d="m179.5 173 0 14.7c15.5 3.4 29.2 11.8 39.2 23.5l10.2-10.2c-12.6-14.3-29.8-24.5-49.4-28zM93.7 270.9l-14.6 0M93.7 270.9l-14.6 0c3.1 20.5 13.6 38.6 28.5 51.7l10.2-10.2C105.5 301.9 96.8 287.4 93.7 270.9Z" fill="#f78d0a"/><path d="m107 270.9-13.3 0c3.1 16.5 11.8 31 24.1 41.5l9.2-9.3c-9.9-8.1-17.1-19.3-20-32.2z" style="fill:#231f20;opacity:0.3"/></g></svg>
<p class="disclaimer">Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p>
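<!-- Documentation and support links. They are fetched over HTTPS and open in a new tab with
     rel="noopener noreferrer", so the opened page gets no window.opener handle on this report. -->
<h3><a href="https://jeremylong.github.io/DependencyCheck/general/thereport.html" target="_blank" rel="noopener noreferrer">How to read the report</a> |
<a href="https://jeremylong.github.io/DependencyCheck/general/suppression.html" target="_blank" rel="noopener noreferrer">Suppressing false positives</a> |
Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" target="_blank" rel="noopener noreferrer">github issues</a></h3>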
<h2 class="">Project: spring-petclinic</h2><div class="">Scan Information (<a href="#" title="Click to toggle display" onclick="return toggleDisplay(this, '.scaninfo', 'show all', 'show less'); return false;">show all</a>):<br/><ul class="indent"><li><i>dependency-check version</i>: 5.3.1</li><li><i>Report Generated On</i>: Wed, 25 Mar 2020 16:45:19 GMT</li><li><i>Dependencies Scanned</i>: 249 (85 unique)</li><li><i>Vulnerable Dependencies</i>: <span id="vulnerableCount">10</span></li><li><i>Vulnerabilities Found</i>: 48</li><li><i>Vulnerabilities Suppressed</i>: 0</li><li class="scaninfo">...</li><li class="scaninfo hidden"><i>NVD CVE Checked</i>: 2020-03-25T16:43:36</li><li class="scaninfo hidden"><i>NVD CVE Modified</i>: 2020-03-25T16:02:30</li><li class="scaninfo hidden"><i>VersionCheckOn</i>: 2020-03-25T16:43:36</li></ul><br/><h2>Summary</h2>Display: <a href="#" title="Click to toggle display" onclick="return toggleDisplay(this, '.notvulnerable', 'Showing Vulnerable Dependencies (click to show all)', 'Showing All Dependencies (click to show less)'); return false;">Showing Vulnerable Dependencies (click to show all)</a><br/><br/><table id="summaryTable" class="lined"><thead><tr style="text-align:left"><th class="sortable" data-sort="string" title="The name of the dependency">Dependency</th><th class="sortable" data-sort="string" title="The Common Platform Enumeration">Vulnerability IDs</th><th class="sortable" data-sort="string" title="The Build Coordinates">Package</th><th class="sortable" data-sort="int" title="The highest CVE Severity">Highest Severity</th><th class="sortable" data-sort="int" title="The number of Common Vulnerability and Exposure (CVE) entries">CVE Count</th><th class="sortable" data-sort="string" title="The confidence rating dependency-check has for the identified CPE">Confidence</th><th class="sortable" data-sort="int" title="The count of evidence collected to identify the CPE">Evidence Count</th></tr></thead><tr class="notvulnerable"><td 
data-sort-value="CACHE-API-1.1.0.JAR"><a href="#l1_77bdcff7814076dfa61611b0db88487c515150b6">cache-api-1.1.0.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.cache/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.cache/[email protected]" target="_blank">pkg:maven/javax.cache/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>22</td></tr><tr class="notvulnerable"><td data-sort-value="PETCLINIC.WAR"><a href="#l2_d87770282b4d3252da8994f4c45943d9b15ef6cb">petclinic.war</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>25</td></tr><tr class="notvulnerable"><td data-sort-value="MAVEN-WRAPPER.JAR"><a href="#l3_0e472561e3847ad172f57bbee8061002c01f8e86">maven-wrapper.jar</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>14</td></tr><tr class=" vulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR"><a href="#l4_1360e2bcd3016ce44a273d2a3b6569963bb0bd68">bootstrap-3.3.6.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:javascript/[email protected]:maven/org.webjars/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:javascript/[email protected]" target="_blank">pkg:javascript/[email protected]</a><br/><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/[email protected]" target="_blank">pkg:maven/org.webjars/[email protected]</a></td><td data-sort-value="61.0">MEDIUM</td><td>8</td><td data-sort-value="0"></td><td>12</td></tr><tr class="notvulnerable"><td data-sort-value="THYMELEAF-3.0.11.RELEASE.JAR"><a href="#l5_628ebb91f520053d4120b7b18bf78ff295d57461">thymeleaf-3.0.11.RELEASE.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.thymeleaf/[email protected]"><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf/[email protected]" target="_blank">pkg:maven/org.thymeleaf/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>31</td></tr><tr class="notvulnerable"><td data-sort-value="SPRING-DATA-JPA-2.1.3.RELEASE.JAR"><a href="#l6_3fc99dcc9289f2ff0667f71c8f224875e8e48544">spring-data-jpa-2.1.3.RELEASE.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.springframework.data/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.data/[email protected]" target="_blank">pkg:maven/org.springframework.data/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>25</td></tr><tr class="notvulnerable"><td data-sort-value="VALIDATION-API-2.0.1.FINAL.JAR"><a href="#l7_cb855558e6271b1b32e716d24cb85c7f583ce09e">validation-api-2.0.1.Final.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.validation/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.validation/[email protected]" target="_blank">pkg:maven/javax.validation/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>23</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR"><a href="#l8_26fb04f8b9827d5fffd2a2285dd6cdd4bcdacc93">ehcache-3.6.2.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/[email protected]" target="_blank">pkg:maven/org.ehcache/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>36</td></tr><tr class="notvulnerable"><td data-sort-value="SORT.JS"><a href="#l9_448f8f6ae4a6f36b4c0b148b4312c60c0c7233ae">sort.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> 
</td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="COMMONS-LANG3-3.8.1.JAR"><a href="#l10_6505a72a097d9270f7a9e7bf42c4238283247755">commons-lang3-3.8.1.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.apache.commons/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/[email protected]" target="_blank">pkg:maven/org.apache.commons/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>41</td></tr><tr class=" vulnerable"><td data-sort-value="SPRING-CORE-5.1.3.RELEASE.JAR"><a href="#l11_b1e5325d35bfb27e42d57e9295510cad54ed8fdf">spring-core-5.1.3.RELEASE.jar</a></td><td data-sort-value="cpe:2.3:a:pivotal_software:spring_framework:5.1.3:release:*:*:*:*:*:*cpe:2.3:a:springsource:spring_framework:5.1.3:release:*:*:*:*:*:*cpe:2.3:a:vmware:springsource_spring_framework:5.1.3:release:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_framework&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_framework%3A5.1.3" target="_blank">cpe:2.3:a:pivotal_software:spring_framework:5.1.3:release:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aspringsource&cpe_product=cpe%3A%2F%3Aspringsource%3Aspring_framework&cpe_version=cpe%3A%2F%3Aspringsource%3Aspring_framework%3A5.1.3" target="_blank">cpe:2.3:a:springsource:spring_framework:5.1.3:release:*:*:*:*:*:*</a><br/>cpe:2.3:a:vmware:springsource_spring_framework:5.1.3:release:*:*:*:*:*:*</td><td data-sort-value="pkg:maven/org.springframework/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]" target="_blank">pkg:maven/org.springframework/[email 
protected]</a></td><td data-sort-value="75.0">HIGH</td><td>1</td><td data-sort-value="0">Highest</td><td>31</td></tr><tr class="notvulnerable"><td data-sort-value="JAVAX.PERSISTENCE-API-2.2.JAR"><a href="#l12_25665ac8c0b62f50e6488173233239120fc52c96">javax.persistence-api-2.2.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.persistence/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.persistence/[email protected]" target="_blank">pkg:maven/javax.persistence/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>33</td></tr><tr class="notvulnerable"><td data-sort-value="JAVASSIST-3.23.1-GA.JAR"><a href="#l13_c072c13dcb7f705471c40bafb1536171df850ab2">javassist-3.23.1-GA.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.javassist/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.javassist/[email protected]" target="_blank">pkg:maven/org.javassist/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>25</td></tr><tr class="notvulnerable"><td data-sort-value="HIBERNATE-CORE-5.3.7.FINAL.JAR"><a href="#l14_f87c5c1bbfc638309824140e68dfaaeb1bb479f3">hibernate-core-5.3.7.Final.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.hibernate/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate/[email protected]" target="_blank">pkg:maven/org.hibernate/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>41</td></tr><tr class="notvulnerable"><td data-sort-value="JUL-TO-SLF4J-1.7.25.JAR"><a href="#l15_0af5364cd6679bfffb114f0dec8a157aaa283b76">jul-to-slf4j-1.7.25.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.slf4j/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/[email protected]" 
target="_blank">pkg:maven/org.slf4j/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>27</td></tr><tr class="notvulnerable"><td data-sort-value="ATTOPARSER-2.0.5.RELEASE.JAR"><a href="#l16_a93ad36df9560de3a5312c1d14f69d938099fa64">attoparser-2.0.5.RELEASE.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.attoparser/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.attoparser/[email protected]" target="_blank">pkg:maven/org.attoparser/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>39</td></tr><tr class="notvulnerable"><td data-sort-value="BYTE-BUDDY-1.9.5.JAR"><a href="#l17_38ceb06ae54ba0524d14a85fe84ed03aecef5078">byte-buddy-1.9.5.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/net.bytebuddy/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/[email protected]" target="_blank">pkg:maven/net.bytebuddy/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>26</td></tr><tr class="notvulnerable"><td data-sort-value="ANTLR-2.7.7.JAR"><a href="#l18_83cd2cd674a217ade95a4bb83a8a14f351f48bd0">antlr-2.7.7.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/antlr/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/antlr/[email protected]" target="_blank">pkg:maven/antlr/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>16</td></tr><tr class="notvulnerable"><td data-sort-value="HIKARICP-3.2.0.JAR"><a href="#l19_6c66db1c636ee90beb4c65fe34abd8ba9396bca6">HikariCP-3.2.0.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/com.zaxxer/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/com.zaxxer/[email protected]" target="_blank">pkg:maven/com.zaxxer/[email 
protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>32</td></tr><tr class="notvulnerable"><td data-sort-value="LOG4J-API-2.11.1.JAR"><a href="#l20_268f0fe4df3eefe052b57c87ec48517d64fb2a10">log4j-api-2.11.1.jar</a></td><td data-sort-value="cpe:2.3:a:apache:log4j:2.11.1:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A2.11.1" target="_blank">cpe:2.3:a:apache:log4j:2.11.1:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.apache.logging.log4j/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/[email protected]" target="_blank">pkg:maven/org.apache.logging.log4j/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>45</td></tr><tr class=" vulnerable"><td data-sort-value="COMMONS-COMPRESS-1.9.JAR"><a href="#l21_cc18955ff1e36d5abd39a14bfe82b19154330a34">commons-compress-1.9.jar</a></td><td data-sort-value="cpe:2.3:a:apache:commons-compress:1.9:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_compress:1.9:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons-compress&cpe_version=cpe%3A%2F%3Aapache%3Acommons-compress%3A1.9" target="_blank">cpe:2.3:a:apache:commons-compress:1.9:*:*:*:*:*:*:*</a><br/><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_compress&cpe_version=cpe%3A%2F%3Aapache%3Acommons_compress%3A1.9" target="_blank">cpe:2.3:a:apache:commons_compress:1.9:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.apache.commons/[email protected]"><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/[email protected]" target="_blank">pkg:maven/org.apache.commons/[email protected]</a></td><td data-sort-value="55.0">MEDIUM</td><td>1</td><td data-sort-value="0">Highest</td><td>38</td></tr><tr class="notvulnerable"><td data-sort-value="DOM4J-2.1.1.JAR"><a href="#l22_3dce5dbb3571aa820c677fadd8349bfa8f00c199">dom4j-2.1.1.jar</a></td><td data-sort-value="cpe:2.3:a:dom4j_project:dom4j:2.1.1:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1" target="_blank">cpe:2.3:a:dom4j_project:dom4j:2.1.1:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.dom4j/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/[email protected]" target="_blank">pkg:maven/org.dom4j/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>16</td></tr><tr class=" vulnerable"><td data-sort-value="JQUERY-2.2.4.JAR"><a href="#l23_c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab">jquery-2.2.4.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:javascript/[email protected]:maven/org.webjars/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:javascript/[email protected]" target="_blank">pkg:javascript/[email protected]</a><br/><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/[email protected]" target="_blank">pkg:maven/org.webjars/[email protected]</a></td><td data-sort-value="61.0">MEDIUM</td><td>2</td><td data-sort-value="0"></td><td>12</td></tr><tr class="notvulnerable"><td data-sort-value="THYMELEAF-EXTRAS-JAVA8TIME-3.0.2.RELEASE.JAR"><a href="#l24_8b9f94b4d7b11217f08ec21204b5ce52ea366166">thymeleaf-extras-java8time-3.0.2.RELEASE.jar</a></td><td data-sort-value=""></td><td 
data-sort-value="pkg:maven/org.thymeleaf.extras/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf.extras/[email protected]" target="_blank">pkg:maven/org.thymeleaf.extras/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>40</td></tr><tr class="notvulnerable"><td data-sort-value="JAVAX.TRANSACTION-API-1.3.JAR"><a href="#l25_e006adf5cf3cca2181d16bd640ecb80148ec0fce">javax.transaction-api-1.3.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.transaction/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.transaction/[email protected]" target="_blank">pkg:maven/javax.transaction/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>39</td></tr><tr class="notvulnerable"><td data-sort-value="SPRING-BOOT-2.1.1.RELEASE.JAR"><a href="#l26_35a3dd576bc3ad5832d0a7d7242b3b140095727b">spring-boot-2.1.1.RELEASE.jar</a></td><td data-sort-value="cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_boot&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_boot%3A2.1.1" target="_blank">cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.springframework.boot/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="1">High</td><td>30</td></tr><tr class="notvulnerable"><td data-sort-value="SPRING-DATA-COMMONS-2.1.3.RELEASE.JAR"><a href="#l27_b95cf0c3dae022898b5f1c652e087c68e89dab6c">spring-data-commons-2.1.3.RELEASE.jar</a></td><td 
data-sort-value=""></td><td data-sort-value="pkg:maven/org.springframework.data/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.data/[email protected]" target="_blank">pkg:maven/org.springframework.data/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>23</td></tr><tr class="notvulnerable"><td data-sort-value="PRETTIFY.JS"><a href="#l28_7b53b64816f5eda1b77f8a2830bdb828f8318a90">prettify.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="JAVAX.ACTIVATION-API-1.2.0.JAR"><a href="#l29_85262acf3ca9816f9537ca47d5adeabaead7cb16">javax.activation-api-1.2.0.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.activation/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.activation/[email protected]" target="_blank">pkg:maven/javax.activation/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>38</td></tr><tr class="notvulnerable"><td data-sort-value="HIBERNATE-COMMONS-ANNOTATIONS-5.0.4.FINAL.JAR"><a href="#l30_965a18fdf939ee75e41f7918532d37b3a8350535">hibernate-commons-annotations-5.0.4.Final.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.hibernate.common/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/[email protected]" target="_blank">pkg:maven/org.hibernate.common/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>44</td></tr><tr class=" vulnerable"><td data-sort-value="JQUERY-UI-1.11.4.JAR"><a href="#l31_6cfa91035974bf658079f1e92e9c6f9878af0eb3">jquery-ui-1.11.4.jar</a></td><td data-sort-value="cpe:2.3:a:jquery:jquery_ui:1.11.4:*:*:*:*:*:*:*"><a 
href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajquery&cpe_product=cpe%3A%2F%3Ajquery%3Ajquery_ui&cpe_version=cpe%3A%2F%3Ajquery%3Ajquery_ui%3A1.11.4" target="_blank">cpe:2.3:a:jquery:jquery_ui:1.11.4:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.webjars/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/[email protected]" target="_blank">pkg:maven/org.webjars/[email protected]</a></td><td data-sort-value="61.0">MEDIUM</td><td>1</td><td data-sort-value="1">High</td><td>12</td></tr><tr class="notvulnerable"><td data-sort-value="HIBERNATE-VALIDATOR-6.0.13.FINAL.JAR"><a href="#l32_af4232bf90ecd33c71147d67185dbb1cfe8f33df">hibernate-validator-6.0.13.Final.jar</a></td><td data-sort-value="cpe:2.3:a:hibernate:hibernate-validator:6.0.13:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ahibernate&cpe_product=cpe%3A%2F%3Ahibernate%3Ahibernate-validator&cpe_version=cpe%3A%2F%3Ahibernate%3Ahibernate-validator%3A6.0.13" target="_blank">cpe:2.3:a:hibernate:hibernate-validator:6.0.13:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/org.hibernate.validator/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate.validator/[email protected]" target="_blank">pkg:maven/org.hibernate.validator/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>34</td></tr><tr class="notvulnerable"><td data-sort-value="SLF4J-API-1.7.25.JAR"><a href="#l33_da76ca59f6a57ee3102f8f9bd9cee742973efa8a">slf4j-api-1.7.25.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.slf4j/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/[email protected]" target="_blank">pkg:maven/org.slf4j/[email protected]</a></td><td data-sort-value="-10"> 
</td><td>0</td><td data-sort-value="0"></td><td>26</td></tr><tr class="notvulnerable"><td data-sort-value="THYMELEAF-SPRING5-3.0.11.RELEASE.JAR"><a href="#l34_de7bf0adf13b5e9c4811f95edf18279da193c0c6">thymeleaf-spring5-3.0.11.RELEASE.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.thymeleaf/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf/[email protected]" target="_blank">pkg:maven/org.thymeleaf/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>35</td></tr><tr class="notvulnerable"><td data-sort-value="LOGBACK-CORE-1.2.3.JAR"><a href="#l35_864344400c3d4d92dfeb0a305dc87d953677c03c">logback-core-1.2.3.jar</a></td><td data-sort-value="cpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Alogback&cpe_product=cpe%3A%2F%3Alogback%3Alogback&cpe_version=cpe%3A%2F%3Alogback%3Alogback%3A1.2.3" target="_blank">cpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/ch.qos.logback/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/[email protected]" target="_blank">pkg:maven/ch.qos.logback/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>32</td></tr><tr class="notvulnerable"><td data-sort-value="WEBJARS-LOCATOR-CORE-0.35.JAR"><a href="#l36_87e90bbd44accfb331783ac30dac2d166c41ba6d">webjars-locator-core-0.35.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.webjars/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/[email protected]" target="_blank">pkg:maven/org.webjars/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td 
data-sort-value="JACKSON-CORE-2.9.7.JAR"><a href="#l37_4b7f0e0dc527fab032e9800ed231080fdc3ac015">jackson-core-2.9.7.jar</a></td><td data-sort-value="cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.7" target="_blank">cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/com.fasterxml.jackson.core/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.core/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>46</td></tr><tr class="notvulnerable"><td data-sort-value="UNBESCAPE-1.1.6.RELEASE.JAR"><a href="#l38_7b90360afb2b860e09e8347112800d12c12b2a13">unbescape-1.1.6.RELEASE.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.unbescape/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.unbescape/[email protected]" target="_blank">pkg:maven/org.unbescape/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>40</td></tr><tr class="notvulnerable"><td data-sort-value="HDRHISTOGRAM-2.1.9.JAR"><a href="#l39_e4631ce165eb400edecfa32e03d3f1be53dee754">HdrHistogram-2.1.9.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.hdrhistogram/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hdrhistogram/[email protected]" target="_blank">pkg:maven/org.hdrhistogram/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>25</td></tr><tr class="notvulnerable"><td data-sort-value="JAXB-API-2.3.1.JAR"><a 
href="#l40_8531ad5ac454cc2deb9d4d32c40c4d7451939b5d">jaxb-api-2.3.1.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/javax.xml.bind/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.xml.bind/[email protected]" target="_blank">pkg:maven/javax.xml.bind/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>36</td></tr><tr class="notvulnerable"><td data-sort-value="ASPECTJWEAVER-1.9.2.JAR"><a href="#l41_d2502817521477faf0712c49a6ee2a5388787fc7">aspectjweaver-1.9.2.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.aspectj/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.aspectj/[email protected]" target="_blank">pkg:maven/org.aspectj/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>35</td></tr><tr class="notvulnerable"><td data-sort-value="JANDEX-2.0.5.FINAL.JAR"><a href="#l42_7060f67764565b9ee9d467e3ed0cb8a9c601b23a">jandex-2.0.5.Final.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.jboss/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.jboss/[email protected]" target="_blank">pkg:maven/org.jboss/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>42</td></tr><tr class="notvulnerable"><td data-sort-value="MICROMETER-CORE-1.1.1.JAR"><a href="#l43_5f8063266f548b710ce06a090586a625f3d682b9">micrometer-core-1.1.1.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/io.micrometer/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/io.micrometer/[email protected]" target="_blank">pkg:maven/io.micrometer/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>50</td></tr><tr class="notvulnerable"><td data-sort-value="CLASSMATE-1.4.0.JAR"><a 
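href="#l44_291658ac2ce2476256c7115943652c0accb5c857">classmate-1.4.0.jar</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value="pkg:maven/com.fasterxml/classmate@1.4.0"><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml/classmate@1.4.0" target="_blank" rel="noopener noreferrer">pkg:maven/com.fasterxml/classmate@1.4.0</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0"></td>
  <td>46</td>
</tr>
<!--
  Summary-table rows; the header row is outside this excerpt. Cells appear to be: file, matched CPE(s),
  package URL, highest severity, CVE count, CPE confidence, evidence count. TODO confirm against the header.
  External NVD and OSS Index links open with target="_blank"; rel="noopener noreferrer" keeps the opened
  page from reaching window.opener and withholds the Referer header.
  Package URLs are written as group/artifact@version, with artifact and version taken from the jar name
  in the first cell of the same row.
  Rows with class "notvulnerable" show a CVE count of 0 for this scan. NOTE(review): presumably that
  reflects the vulnerability data available when the report was generated, not a verification of the artifact.
-->
<!--
  mysql-connector-java 8.0.13 is flagged: MEDIUM, count 1, confidence Highest. Three CPEs were matched,
  one of them cpe:2.3:a:mysql:mysql. NOTE(review): that CPE reads as the MySQL server rather than the
  JDBC driver; check in the detail section that the reported CVE applies to the driver.
-->
<tr class=" vulnerable">
  <td data-sort-value="MYSQL-CONNECTOR-JAVA-8.0.13.JAR"><a href="#l45_28015319e44ff50a8fee655e725fefc4990abeb1">mysql-connector-java-8.0.13.jar</a></td>
  <td data-sort-value="cpe:2.3:a:mysql:mysql:8.0.13:*:*:*:*:*:*:*cpe:2.3:a:oracle:connector\/j:8.0.13:*:*:*:*:*:*:*cpe:2.3:a:oracle:mysql_connector\/j:8.0.13:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Amysql&cpe_product=cpe%3A%2F%3Amysql%3Amysql&cpe_version=cpe%3A%2F%3Amysql%3Amysql%3A8.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:mysql:mysql:8.0.13:*:*:*:*:*:*:*</a><br><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aoracle&cpe_product=cpe%3A%2F%3Aoracle%3Aconnector%2Fj&cpe_version=cpe%3A%2F%3Aoracle%3Aconnector%2Fj%3A8.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:oracle:connector\/j:8.0.13:*:*:*:*:*:*:*</a><br><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aoracle&cpe_product=cpe%3A%2F%3Aoracle%3Amysql_connector%2Fj&cpe_version=cpe%3A%2F%3Aoracle%3Amysql_connector%2Fj%3A8.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:oracle:mysql_connector\/j:8.0.13:*:*:*:*:*:*:*</a></td>
  <td data-sort-value="pkg:maven/mysql/mysql-connector-java@8.0.13"><a href="https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@8.0.13" target="_blank" rel="noopener noreferrer">pkg:maven/mysql/mysql-connector-java@8.0.13</a></td>
  <td data-sort-value="63.0">MEDIUM</td>
  <td>1</td>
  <td data-sort-value="0">Highest</td>
  <td>45</td>
</tr>
<!--
  jackson-databind 2.9.7 is flagged: CRITICAL, count 24, confidence Highest. It matched both the generic
  fasterxml:jackson CPE and the specific fasterxml:jackson-databind CPE. This is the highest count among
  the rows here, so upgrading this artifact is the first remediation item to plan.
-->
<tr class=" vulnerable">
  <td data-sort-value="JACKSON-DATABIND-2.9.7.JAR"><a href="#l46_e6faad47abd3179666e89068485a1b88a195ceb7">jackson-databind-2.9.7.jar</a></td>
  <td data-sort-value="cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.7" target="_blank" rel="noopener noreferrer">cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*</a><br><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.7" target="_blank" rel="noopener noreferrer">cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*</a></td>
  <td data-sort-value="pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7"><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7" target="_blank" rel="noopener noreferrer">pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7</a></td>
  <td data-sort-value="98.0">CRITICAL</td>
  <td>24</td>
  <td data-sort-value="0">Highest</td>
  <td>40</td>
</tr>
<tr class="notvulnerable">
  <td data-sort-value="SNAKEYAML-1.23.JAR"><a href="#l47_ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68">snakeyaml-1.23.jar</a></td>
  <td data-sort-value="cpe:2.3:a:snakeyaml_project:snakeyaml:1.23:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asnakeyaml_project&cpe_product=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml&cpe_version=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml%3A1.23" target="_blank" rel="noopener noreferrer">cpe:2.3:a:snakeyaml_project:snakeyaml:1.23:*:*:*:*:*:*:*</a></td>
  <td data-sort-value="pkg:maven/org.yaml/snakeyaml@1.23"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.23" target="_blank" rel="noopener noreferrer">pkg:maven/org.yaml/snakeyaml@1.23</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0">Highest</td>
  <td>25</td>
</tr>
<tr class="notvulnerable">
  <td data-sort-value="JBOSS-LOGGING-3.3.2.FINAL.JAR"><a href="#l48_3789d00e859632e6c6206adc0c71625559e6e3b0">jboss-logging-3.3.2.Final.jar</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value="pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final" target="_blank" rel="noopener noreferrer">pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0"></td>
  <td>44</td>
</tr>
<!--
  hsqldb 2.4.1: the only CPEs matched are hyper:hyper and hyper_project:hyper, with Low confidence and
  no NVD link. NOTE(review): this looks like a product-name mismatch rather than a CPE for HSQLDB;
  confirm, and consider a suppression entry so the row is not misread in later scans.
-->
<tr class="notvulnerable">
  <td data-sort-value="HSQLDB-2.4.1.JAR"><a href="#l49_9daff99b4fbd6809fd46ab4327650ad00a1be6d4">hsqldb-2.4.1.jar</a></td>
  <td data-sort-value="cpe:2.3:a:hyper:hyper:2.4.1:*:*:*:*:*:*:*cpe:2.3:a:hyper_project:hyper:2.4.1:*:*:*:*:*:*:*">cpe:2.3:a:hyper:hyper:2.4.1:*:*:*:*:*:*:*<br>cpe:2.3:a:hyper_project:hyper:2.4.1:*:*:*:*:*:*:*</td>
  <td data-sort-value="pkg:maven/org.hsqldb/hsqldb@2.4.1"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hsqldb/hsqldb@2.4.1" target="_blank" rel="noopener noreferrer">pkg:maven/org.hsqldb/hsqldb@2.4.1</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="3">Low</td>
  <td>36</td>
</tr>
<tr class="notvulnerable">
  <td data-sort-value="JAVAX.ANNOTATION-API-1.3.2.JAR"><a href="#l50_934c04d3cfef185a8008e7bf34331b79730a9d43">javax.annotation-api-1.3.2.jar</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value="pkg:maven/javax.annotation/javax.annotation-api@1.3.2"><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.annotation/javax.annotation-api@1.3.2" target="_blank" rel="noopener noreferrer">pkg:maven/javax.annotation/javax.annotation-api@1.3.2</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0"></td>
  <td>39</td>
</tr>
<tr class="notvulnerable"><td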
data-sort-value="JACKSON-ANNOTATIONS-2.9.0.JAR"><a href="#l51_07c10d545325e3a6e72e06381afe469fd40eb701">jackson-annotations-2.9.0.jar</a></td><td data-sort-value="cpe:2.3:a:fasterxml:jackson:2.9.0:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.0" target="_blank">cpe:2.3:a:fasterxml:jackson:2.9.0:*:*:*:*:*:*:*</a></td><td data-sort-value="pkg:maven/com.fasterxml.jackson.core/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.core/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0">Highest</td><td>36</td></tr><tr class="notvulnerable"><td data-sort-value="LATENCYUTILS-2.0.3.JAR"><a href="#l52_769c0b82cb2421c8256300e907298a9410a2a3d3">LatencyUtils-2.0.3.jar</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.latencyutils/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.latencyutils/[email protected]" target="_blank">pkg:maven/org.latencyutils/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>15</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: WEBJARS-REQUIREJS.JS"><a href="#l53_80f18f9b3ec47cf5854cb30dcd6b9548c32b9567">bootstrap-3.3.6.jar: webjars-requirejs.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: TOOLTIP.JS"><a href="#l54_03d4e6b9c40809e0d902461df8da25561a44ebf2">bootstrap-3.3.6.jar: tooltip.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td 
data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: ALERT.JS"><a href="#l55_0d258e8d3bd2a88fbb3f56c6fadb79f533c38525">bootstrap-3.3.6.jar: alert.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: SCROLLSPY.JS"><a href="#l56_31eefe9e317463bd60a3613cefd19a431f863685">bootstrap-3.3.6.jar: scrollspy.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: AFFIX.JS"><a href="#l57_8886023d432a56c0cf15bb0d40f4f81cea09b8bf">bootstrap-3.3.6.jar: affix.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: NPM.JS"><a href="#l58_e2b7590d6ec1fdac66b01fdf66ae0879f53b1262">bootstrap-3.3.6.jar: npm.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: MODAL.JS"><a href="#l59_1f440c2caf9aec9ea303ecb0060da37b9614a289">bootstrap-3.3.6.jar: modal.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: DROPDOWN.JS"><a href="#l60_9854a6dcb26c946f1fb47c14014aef3a5262f76b">bootstrap-3.3.6.jar: dropdown.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td 
data-sort-value="BOOTSTRAP-3.3.6.JAR: TRANSITION.JS"><a href="#l61_399599edcd049de09cef0c3fd7d662b5343c9de9">bootstrap-3.3.6.jar: transition.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: POPOVER.JS"><a href="#l62_144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a">bootstrap-3.3.6.jar: popover.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: CAROUSEL.JS"><a href="#l63_815b7412fefeb0a27dfc6e250145071f2f1e6ead">bootstrap-3.3.6.jar: carousel.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: COLLAPSE.JS"><a href="#l64_bd1e9a435e6623b85c0987b83362d9b5ded17046">bootstrap-3.3.6.jar: collapse.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: BUTTON.JS"><a href="#l65_6541480c4f9f3dd2d6a5467dea62d53a5355d3da">bootstrap-3.3.6.jar: button.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="BOOTSTRAP-3.3.6.JAR: TAB.JS"><a href="#l66_75a8bdb9040581703e34221babea07114c33315a">bootstrap-3.3.6.jar: tab.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="PETCLINIC.WAR: SPRING-BOOT-STARTER-TOMCAT-2.1.1.RELEASE.JAR"><a 
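href="#l67_4cbaa992fa5509edc74d9543ab5f8f14e20fb197">petclinic.war: spring-boot-starter-tomcat-2.1.1.RELEASE.jar</a></td>
  <td data-sort-value="cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_boot&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_boot%3A2.1.1" target="_blank" rel="noopener noreferrer">cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*</a></td>
  <td data-sort-value="pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.1.1.RELEASE"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.1.1.RELEASE" target="_blank" rel="noopener noreferrer">pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.1.1.RELEASE</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="1">High</td>
  <td>25</td>
</tr>
<!--
  Summary-table rows for artifacts nested in petclinic.war; the header row is outside this excerpt.
  Cells appear to be: file, matched CPE(s), package URL, highest severity, CVE count, CPE confidence,
  evidence count. TODO confirm against the header.
  External NVD and OSS Index links open with target="_blank"; rel="noopener noreferrer" keeps the opened
  page from reaching window.opener and withholds the Referer header.
  Package URLs are written as group/artifact@version, with artifact and version taken from the jar name
  in the first cell of the same row.
-->
<!--
  tomcat-embed-el 9.0.13 has no CPE match and a CVE count of 0. NOTE(review): it carries the same
  version and group as tomcat-embed-core in the next row, so presumably it is upgraded together with it.
-->
<tr class="notvulnerable">
  <td data-sort-value="PETCLINIC.WAR: TOMCAT-EMBED-EL-9.0.13.JAR"><a href="#l68_5d8b3277df6197cb03233fe407f54012f7166c65">petclinic.war: tomcat-embed-el-9.0.13.jar</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value="pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.13"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.13" target="_blank" rel="noopener noreferrer">pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.13</a></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0"></td>
  <td>36</td>
</tr>
<!--
  tomcat-embed-core 9.0.13 is flagged: CRITICAL, count 8, confidence Highest, matched under three
  Tomcat CPE vendor spellings. This is the embedded servlet container of the application, so the
  findings listed in its detail section deserve review before any network-facing deployment.
-->
<tr class=" vulnerable">
  <td data-sort-value="PETCLINIC.WAR: TOMCAT-EMBED-CORE-9.0.13.JAR"><a href="#l69_20c90a060e1e497e0c1398f59c058279a8ae203d">petclinic.war: tomcat-embed-core-9.0.13.jar</a></td>
  <td data-sort-value="cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache_software_foundation:tomcat:9.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.13:*:*:*:*:*:*:*"><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Atomcat&cpe_version=cpe%3A%2F%3Aapache%3Atomcat%3A9.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*</a><br><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache_software_foundation&cpe_product=cpe%3A%2F%3Aapache_software_foundation%3Atomcat&cpe_version=cpe%3A%2F%3Aapache_software_foundation%3Atomcat%3A9.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:apache_software_foundation:tomcat:9.0.13:*:*:*:*:*:*:*</a><br><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache_tomcat&cpe_product=cpe%3A%2F%3Aapache_tomcat%3Aapache_tomcat&cpe_version=cpe%3A%2F%3Aapache_tomcat%3Aapache_tomcat%3A9.0.13" target="_blank" rel="noopener noreferrer">cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.13:*:*:*:*:*:*:*</a></td>
  <td data-sort-value="pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.13"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.13" target="_blank" rel="noopener noreferrer">pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.13</a></td>
  <td data-sort-value="98.0">CRITICAL</td>
  <td>8</td>
  <td data-sort-value="0">Highest</td>
  <td>37</td>
</tr>
<tr class="notvulnerable">
  <td data-sort-value="EHCACHE-3.6.2.JAR: SIZEOF-AGENT.JAR"><a href="#l70_3a738b513c9a2491d82d5522a20b497c574cd949">ehcache-3.6.2.jar: sizeof-agent.jar</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value=""></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td data-sort-value="0"></td>
  <td>8</td>
</tr>
<tr class="notvulnerable">
  <td data-sort-value="JQUERY-2.2.4.JAR: WEBJARS-REQUIREJS.JS"><a href="#l71_d18dc733350ad3549af2df096599e824c10f777e">jquery-2.2.4.jar: webjars-requirejs.js</a></td>
  <td data-sort-value=""></td>
  <td data-sort-value=""></td>
  <td data-sort-value="-10"> </td>
  <td>0</td>
  <td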
data-sort-value="0"></td><td>0</td></tr><tr class=" vulnerable"><td data-sort-value="PETCLINIC.WAR: JQUERY-UI-1.11.4.JAR: JQUERY-UI.MIN.JS"><a href="#l72_7f650ee30c6a4d3eea04032039b20ff72997559b">petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.min.js</a></td><td data-sort-value=""></td><td data-sort-value="pkg:javascript/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:javascript/[email protected]" target="_blank">pkg:javascript/[email protected]</a></td><td data-sort-value="61.0">MEDIUM</td><td>1</td><td data-sort-value="0"></td><td>3</td></tr><tr class=" vulnerable"><td data-sort-value="PETCLINIC.WAR: JQUERY-UI-1.11.4.JAR: JQUERY-UI.JS"><a href="#l73_3efaf11e60ea8c541b6dc26f0ef09f195732587a">petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.js</a></td><td data-sort-value=""></td><td data-sort-value="pkg:javascript/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:javascript/[email protected]" target="_blank">pkg:javascript/[email protected]</a></td><td data-sort-value="61.0">MEDIUM</td><td>1</td><td data-sort-value="0"></td><td>3</td></tr><tr class="notvulnerable"><td data-sort-value="PETCLINIC.WAR: JQUERY-UI-1.11.4.JAR: WEBJARS-REQUIREJS.JS"><a href="#l74_03056311ea772e4b7b09a70f108cb2733ae13766">petclinic.war: jquery-ui-1.11.4.jar: webjars-requirejs.js</a></td><td data-sort-value=""></td><td data-sort-value=""></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>0</td></tr><tr class="notvulnerable"><td data-sort-value="PETCLINIC.WAR (SHADED: ORG.SPRINGFRAMEWORK.SAMPLES:SPRING-PETCLINIC:2.1.0.BUILD-SNAPSHOT)"><a href="#l75_996d3b4a71cee5cb1f65dd54a4b51c7eb98ceb10">petclinic.war (shaded: org.springframework.samples:spring-petclinic:2.1.0.BUILD-SNAPSHOT)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.springframework.samples/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.samples/[email protected]" 
target="_blank">pkg:maven/org.springframework.samples/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>7</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE.MODULES:EHCACHE-107:3.6.2)"><a href="#l76_579fb15b4b599be1a071a5a23dff8612a371b232">ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-107:3.6.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache.modules/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/[email protected]" target="_blank">pkg:maven/org.ehcache.modules/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE.MODULES:EHCACHE-API:3.6.2)"><a href="#l77_6c18de71efb3b05a517ac6ed06acaaa6c971b972">ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-api:3.6.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache.modules/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/[email protected]" target="_blank">pkg:maven/org.ehcache.modules/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE.MODULES:EHCACHE-CORE:3.6.2)"><a href="#l78_e2486b29b3612da56f1ff7a0f9f7717e41876492">ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-core:3.6.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache.modules/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/[email protected]" target="_blank">pkg:maven/org.ehcache.modules/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td 
data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE.MODULES:EHCACHE-IMPL:3.6.2)"><a href="#l79_366666b71c0c595d15e5a45449a38d1f3019d326">ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-impl:3.6.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache.modules/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/[email protected]" target="_blank">pkg:maven/org.ehcache.modules/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE.MODULES:EHCACHE-XML:3.6.2)"><a href="#l80_307ac3366a1efda998f8a57827980f42086cc093">ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-xml:3.6.2)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache.modules/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/[email protected]" target="_blank">pkg:maven/org.ehcache.modules/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.EHCACHE:SIZEOF:0.3.0)"><a href="#l81_18d4a015c7463bbec8d68a1698cf705b71cc934d">ehcache-3.6.2.jar (shaded: org.ehcache:sizeof:0.3.0)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.ehcache/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/[email protected]" target="_blank">pkg:maven/org.ehcache/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>13</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.TERRACOTTA:OFFHEAP-STORE:2.4.0)"><a href="#l82_6b13d65d75adbd135491d1ac49209caf9f1a7011">ehcache-3.6.2.jar (shaded: org.terracotta:offheap-store:2.4.0)</a></td><td data-sort-value=""></td><td 
data-sort-value="pkg:maven/org.terracotta/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/[email protected]" target="_blank">pkg:maven/org.terracotta/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="EHCACHE-3.6.2.JAR (SHADED: ORG.TERRACOTTA:STATISTICS:2.1)"><a href="#l83_56e7b6d8a273bd82f2d7066b7063de656763f2b7">ehcache-3.6.2.jar (shaded: org.terracotta:statistics:2.1)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.terracotta/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/[email protected]" target="_blank">pkg:maven/org.terracotta/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="BYTE-BUDDY-1.9.5.JAR (SHADED: NET.BYTEBUDDY:BYTE-BUDDY-DEP:1.9.5)"><a href="#l84_fa363fecfc18a58e5fab569f8f45ce0268f6fac0">byte-buddy-1.9.5.jar (shaded: net.bytebuddy:byte-buddy-dep:1.9.5)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/net.bytebuddy/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/[email protected]" target="_blank">pkg:maven/net.bytebuddy/[email protected]</a></td><td data-sort-value="-10"> </td><td>0</td><td data-sort-value="0"></td><td>9</td></tr><tr class="notvulnerable"><td data-sort-value="MICROMETER-CORE-1.1.1.JAR (SHADED: ORG.PCOLLECTIONS:PCOLLECTIONS:3.0.3)"><a href="#l85_312cf913d2d027395cf9cb15a46af2e763e876c6">micrometer-core-1.1.1.jar (shaded: org.pcollections:pcollections:3.0.3)</a></td><td data-sort-value=""></td><td data-sort-value="pkg:maven/org.pcollections/[email protected]"><a href="https://ossindex.sonatype.org/component/pkg:maven/org.pcollections/[email protected]" target="_blank">pkg:maven/org.pcollections/[email protected]</a></td><td data-sort-value="-10"> 
</td><td>0</td><td data-sort-value="0"></td><td>9</td></tr></table><h2>Dependencies</h2> <h3 class="subsectionheader standardsubsection notvulnerable"><a name="l1_77bdcff7814076dfa61611b0db88487c515150b6"></a>cache-api-1.1.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/cache-api-1.1.0.jar<br/><b>MD5:</b> ac907ad12e9a7ac5d41abf703855002f<br/><b>SHA1:</b> 77bdcff7814076dfa61611b0db88487c515150b6<br/><b>SHA256:</b>6c980ad1ae4a6dda3bdb62986c3ef5b41ccf766e12353587ee4e4307e27e155a</p><h4 id="header1" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content1" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.cache.api</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>cache-api</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>cache</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.cache</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>jsr107/jsr107spec</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>cache-api</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>spi</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JSR107 API and SPI</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.cache.api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>cache-api</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>cache</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.cache</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>JSR107 API and SPI</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>cache-api</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>spi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JSR107 API and SPI</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>jsr107/jsr107spec</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.1.0</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.1.0</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.1.0</td><td>High</td></tr></table></div><h4 id="header2" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content2" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: cache-api-1.1.0.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/cache-api-1.1.0.jar</li><li>MD5: ac907ad12e9a7ac5d41abf703855002f</li><li>SHA1: 77bdcff7814076dfa61611b0db88487c515150b6</li><li>SHA256: 6c980ad1ae4a6dda3bdb62986c3ef5b41ccf766e12353587ee4e4307e27e155a</li></ul></li></ul></div><h4 id="header3" class="subsectionheader white">Identifiers</h4><div id="content3" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.cache/[email protected]" target="_blank">pkg:maven/javax.cache/[email protected]</a> 
(<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l2_d87770282b4d3252da8994f4c45943d9b15ef6cb"></a>petclinic.war</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war<br/><b>MD5:</b> 4cb7c2d5280bc080ed58e25fa3951fdb<br/><b>SHA1:</b> d87770282b4d3252da8994f4c45943d9b15ef6cb<br/><b>SHA256:</b>d1a7cbddcc8b7b4ca8e4350ed3e6fd0f8596218ece896e2714be79e5a1c88bd0</p><h4 id="header4" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content4" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>boot</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.springframework.samples</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-starter-parent/spring-petclinic</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>spring-boot-lib</td><td>WEB-INF/lib/</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>spring-boot-classes</td><td>WEB-INF/classes/</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>loader</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>petclinic</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>boot</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-starter-parent/spring-petclinic</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>spring-boot-lib</td><td>WEB-INF/lib/</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>spring-boot-classes</td><td>WEB-INF/classes/</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>classes</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>loader</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>petclinic</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>boot</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>petclinic</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>web-inf</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>spring-boot-version</td><td>2.1.1.RELEASE</td><td>Medium</td></tr><tr><td>Version</td><td>jar</td><td>package name</td><td>classes</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.0.BUILD-SNAPSHOT</td><td>High</td></tr><tr><td>Version</td><td>jar</td><td>package name</td><td>boot</td><td>Highest</td></tr><tr><td>Version</td><td>jar</td><td>package name</td><td>web-inf</td><td>Highest</td></tr></table></div><h4 id="header5" class="subsectionheader white">Identifiers</h4><div id="content5" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l3_0e472561e3847ad172f57bbee8061002c01f8e86"></a>maven-wrapper.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File 
Path:</b> /home/vagrant/devsecops/spring-petclinic/.mvn/wrapper/maven-wrapper.jar<br/><b>MD5:</b> 2c15757d3df2eb9b2c26b81f823bda76<br/><b>SHA1:</b> 0e472561e3847ad172f57bbee8061002c01f8e86<br/><b>SHA256:</b>c4ad2d091e089e6293664b62a07fa6538eb9b74612247d4b51812ad4c571d3a1</p><h4 id="header6" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content6" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>wrapper</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>maven-wrapper</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>io.takari</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>maven</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>cli</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>wrapper</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>maven-wrapper</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>maven-wrapper</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>maven-wrapper</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>maven</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>maven</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>wrapper</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>0.1.2-SNAPSHOT</td><td>High</td></tr></table></div><!-- NOTE(review): "None" below means the scan attached no package URL or CPE to maven-wrapper.jar. dependency-check looks up published vulnerabilities through these identifiers, so the notvulnerable class on this section records that nothing was matched, not that the jar was checked and found clean. The evidence table gives Implementation-Version 0.1.2-SNAPSHOT and Implementation-Vendor-Id io.takari; the SHA256 listed for the file can be compared with a checksum from a trusted copy of that wrapper release. --><h4 id="header7" class="subsectionheader white">Identifiers</h4><div id="content7" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l4_1360e2bcd3016ce44a273d2a3b6569963bb0bd68"></a>bootstrap-3.3.6.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>WebJar for Bootstrap</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar<br/><b>MD5:</b> c8124807e1d7deba936897cae7527b66<br/><b>SHA1:</b> 1360e2bcd3016ce44a273d2a3b6569963bb0bd68<br/><b>SHA256:</b>27e4eb72ed1153541c3b8d1e57bf9dc6acb616002eae84c36b5e9ad6afd6009d</p><h4 id="header8" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content8" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>bootstrap</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Bootstrap</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>bootstrap</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>bootstrap</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Bootstrap</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>bootstrap</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>3.3.6</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.3.6</td><td>Highest</td></tr></table></div><h4 id="header9" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content9" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: bootstrap.min.js.gz: bootstrap.min.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.min.js.gz/bootstrap.min.js</li><li>MD5: c5b5b2fa19bd66ff23211d9f844e0131</li><li>SHA1: 791aa054a026bddc0de92bad6cf7a1c6e73713d5</li><li>SHA256: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: bootstrap.min.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.min.js</li><li>MD5: 
c5b5b2fa19bd66ff23211d9f844e0131</li><li>SHA1: 791aa054a026bddc0de92bad6cf7a1c6e73713d5</li><li>SHA256: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a</li></ul></li><li>bootstrap-3.3.6.jar: bootstrap.js.gz: bootstrap.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.js.gz/bootstrap.js</li><li>MD5: ed69cf59ee487638489ff8742a469e43</li><li>SHA1: 8cf4186ce86777b4b408ce308ca9f66dd421f509</li><li>SHA256: defc39740ac1859d8e2785ed473208409627e87addd5f78f2deaacb93a12d51d</li></ul></li><li>bootstrap-3.3.6.jar: bootstrap.min.js.gz: bootstrap.min.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.min.js.gz/bootstrap.min.js</li><li>MD5: c5b5b2fa19bd66ff23211d9f844e0131</li><li>SHA1: 791aa054a026bddc0de92bad6cf7a1c6e73713d5</li><li>SHA256: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: bootstrap.js.gz: bootstrap.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.js.gz/bootstrap.js</li><li>MD5: ed69cf59ee487638489ff8742a469e43</li><li>SHA1: 8cf4186ce86777b4b408ce308ca9f66dd421f509</li><li>SHA256: defc39740ac1859d8e2785ed473208409627e87addd5f78f2deaacb93a12d51d</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar</li><li>MD5: c8124807e1d7deba936897cae7527b66</li><li>SHA1: 1360e2bcd3016ce44a273d2a3b6569963bb0bd68</li><li>SHA256: 27e4eb72ed1153541c3b8d1e57bf9dc6acb616002eae84c36b5e9ad6afd6009d</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: bootstrap.js<ul><li>File Path: 
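/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/bootstrap.js</li><li>MD5: ed69cf59ee487638489ff8742a469e43</li><li>SHA1: 8cf4186ce86777b4b408ce308ca9f66dd421f509</li><li>SHA256: defc39740ac1859d8e2785ed473208409627e87addd5f78f2deaacb93a12d51d</li></ul></li></ul></div><h4 id="header10" class="subsectionheader white">Identifiers</h4><div id="content10" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.3.6" target="_blank" rel="noopener noreferrer">pkg:javascript/bootstrap@3.3.6</a> (<i>Confidence</i>:Highest)</li><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/bootstrap@3.3.6" target="_blank" rel="noopener noreferrer">pkg:maven/org.webjars/bootstrap@3.3.6</a> (<i>Confidence</i>:High)</li></ul></div>
<!-- Review note: every finding listed for bootstrap-3.3.6.jar below is cross-site scripting (CWE-79) reached through a Bootstrap data attribute or plugin option. On the 3.x line the descriptions name 3.4.0 and 3.4.1 as fixed releases; three entries are described only as "before 4.1.2", and the report does not say which 3.x release closes them, so confirm that in the Bootstrap release notes before choosing an upgrade target. The report shows that the vulnerable file is bundled, not that the application passes untrusted data into those attributes or options. -->
<h4 id="header11" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content11" class="subsectioncontent standardsubsection"><p><span class="underline"><b>CVE-2016-10735</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CVE-2016-10735')">suppress</button></p><p><pre>In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.</pre>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/20efb6c8-d8b6-40cb-a6f7-e531181023b0">[CVE-2016-10735] In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible ...</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li 
class="vs1">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><p><span class="underline"><b>CVE-2018-14040</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CVE-2018-14040')">suppress</button></p><p><pre>In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.</pre>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/d8419399-889a-4681-ac38-de52c83e9cc7">[CVE-2018-14040] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs2">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><p><b><a target="_blank" rel="noopener noreferrer" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14041">CVE-2018-14041</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'cve', 'CVE-2018-14041')">suppress</button></p><p><pre>In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul><!-- NOTE(review): this CVSSv2 vector shows no impact at all (C:N/I:N/A:N), which does not fit the 4.3 base score printed with it; the CVE-2016-10735 entry above pairs the same 4.3 score with I:P. Confirm the vector against the NVD record linked in this entry's heading. -->CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" rel="noopener noreferrer" href="https://seclists.org/bugtraq/2019/May/18">20190509 dotCMS v5.1.1 Vulnerabilities</a></li><li>FULLDISC - <a target="_blank" rel="noopener noreferrer" 
href="http://seclists.org/fulldisclosure/2019/May/13">20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" rel="noopener noreferrer" href="http://seclists.org/fulldisclosure/2019/May/11">20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" rel="noopener noreferrer" href="http://seclists.org/fulldisclosure/2019/May/10">20190510 dotCMS v5.1.1 Vulnerabilities</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html">http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html">http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/">https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://github.com/twbs/bootstrap/issues/26423">https://github.com/twbs/bootstrap/issues/26423</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://github.com/twbs/bootstrap/issues/26627">https://github.com/twbs/bootstrap/issues/26627</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://github.com/twbs/bootstrap/pull/26630">https://github.com/twbs/bootstrap/pull/26630</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" 
href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E">[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1</a></li><li>REDHAT - <a target="_blank" rel="noopener noreferrer" href="https://access.redhat.com/errata/RHSA-2019:1456">RHSA-2019:1456</a></li><li>info - <a target="_blank" rel="noopener noreferrer" href="https://github.com/twbs/bootstrap/issues/20184">https://github.com/twbs/bootstrap/issues/20184</a></li></ul></p><!-- NOTE(review): every CPE in the list below is 4.0.0 or later (the range runs from 4.0.0 up to, but excluding, 4.1.2) while the bundled file is 3.3.6. The report does not show what matched this entry to the file, so verify that it applies to 3.3.6 before acting on it or suppressing it. --><p>Vulnerable Software & Versions (NVD):<ul><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*</li><li class="vs3">cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*</li></ul></p><p><span class="underline"><b>CVE-2018-14042</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 
'CVE-2018-14042')">suppress</button></p><p><pre>In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.</pre>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/e98acd45-5fe5-45d1-8bf2-01631d6b1260">[CVE-2018-14042] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs4">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><p><span class="underline"><b>CVE-2018-20676</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CVE-2018-20676')">suppress</button></p><p><pre>In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.</pre>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/88d9ae04-16c2-4eee-9d6b-960afe3682ab">[CVE-2018-20676] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs5">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><p><span class="underline"><b>CVE-2018-20677</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CVE-2018-20677')">suppress</button></p><p><pre>In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.</pre>CVSSv3:<ul><li>Base 
Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/b50e5a59-fc61-4f4c-9872-5900d205a7d2">[CVE-2018-20677] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs6">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><p><span class="underline"><b>CVE-2019-8331</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CVE-2019-8331')">suppress</button></p><p><pre>In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.</pre>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/b919d516-c1db-4060-bb17-ef25a07f9fb3">[CVE-2019-8331] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs7">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p><!-- This finding has no CVE id: the suppress button passes the full CWE-79 title as its vulnerabilityName, and the entry cites two separate OSS Index advisories, so both need reading before it is closed or suppressed. --><p><span class="underline"><b>CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</b> (OSSINDEX)</span> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('bootstrap-3.3.6.jar', '1360e2bcd3016ce44a273d2a3b6569963bb0bd68', 'pkg:javascript\/bootstrap@3.3.6', 'vulnerabilityName', 'CWE-79: Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\')')">suppress</button></p><p><pre>The software does not neutralize or incorrectly neutralizes user-controllable input 
before it is placed in output that is used as a web page that is served to other users.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/3e831af5-428b-4712-874f-8f6ff932e2b2">CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></li><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/6dd9e321-93cd-4d79-b33a-ff7e01b15ad9">CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></li></ul></p><p>Vulnerable Software & Versions (OSSINDEX):<ul><li class="vs8">cpe:2.3:a:org.webjars:bootstrap:3.3.6:*:*:*:*:*:*:*</li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l5_628ebb91f520053d4120b7b18bf78ff295d57461"></a>thymeleaf-3.0.11.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Modern server-side Java template engine for both web and standalone environments</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/thymeleaf-3.0.11.RELEASE.jar<br/><b>MD5:</b> e7aae6066ad45c57ba168a9689cf08e1<br/><b>SHA1:</b> 628ebb91f520053d4120b7b18bf78ff295d57461<br/><b>SHA256:</b>c4decad2647404c3de7bf825e606008d5795738eaa0d12d5d38451de748f1961</p><h4 id="header12" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content12" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" 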
style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>thymeleaf</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The THYMELEAF team</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>thymeleaf</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>thymeleaf</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.thymeleaf</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The THYMELEAF 
team</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>thymeleaf</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>thymeleaf</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>thymeleaf</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>thymeleaf</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>3.0.11.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>3.0.11.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.0.11.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header13" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content13" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: thymeleaf-3.0.11.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/thymeleaf-3.0.11.RELEASE.jar</li><li>MD5: e7aae6066ad45c57ba168a9689cf08e1</li><li>SHA1: 628ebb91f520053d4120b7b18bf78ff295d57461</li><li>SHA256: c4decad2647404c3de7bf825e606008d5795738eaa0d12d5d38451de748f1961</li></ul></li></ul></div><h4 id="header14" class="subsectionheader 
white">Identifiers</h4><div id="content14" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf/thymeleaf@3.0.11.RELEASE" target="_blank">pkg:maven/org.thymeleaf/thymeleaf@3.0.11.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l6_3fc99dcc9289f2ff0667f71c8f224875e8e48544"></a>spring-data-jpa-2.1.3.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Spring Data module for JPA repositories.</pre></p><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-data-jpa-2.1.3.RELEASE.jar<br/><b>MD5:</b> b3f08a48db984ec1eb8a2469608fa8c0<br/><b>SHA1:</b> 3fc99dcc9289f2ff0667f71c8f224875e8e48544<br/><b>SHA256:</b>147e3f445039f3e8d7f3b8525587c415c26937fc737153c7a442419cd9d1edd5</p><h4 id="header15" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content15" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework.data</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-data-jpa</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://projects.spring.io/spring-data-jpa</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>spring-data-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring Data 
JPA</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>spring.data.jpa</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>data</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jpa</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.springframework.data.build</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-data-jpa</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-data-jpa</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework.data</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>spring-data-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring Data JPA</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-data-jpa</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>data</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jpa</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>spring.data.jpa</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.springframework.data.build</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Spring Data JPA</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://projects.spring.io/spring-data-jpa</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.3.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.3.RELEASE</td><td>High</td></tr></table></div><h4 id="header16" class="subsectionheader expandable expandablesubsection 
white">Related Dependencies</h4><div id="content16" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: spring-data-jpa-2.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-data-jpa-2.1.3.RELEASE.jar</li><li>MD5: b3f08a48db984ec1eb8a2469608fa8c0</li><li>SHA1: 3fc99dcc9289f2ff0667f71c8f224875e8e48544</li><li>SHA256: 147e3f445039f3e8d7f3b8525587c415c26937fc737153c7a442419cd9d1edd5</li></ul></li></ul></div><h4 id="header17" class="subsectionheader white">Identifiers</h4><div id="content17" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.data/spring-data-jpa@2.1.3.RELEASE" target="_blank">pkg:maven/org.springframework.data/spring-data-jpa@2.1.3.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l7_cb855558e6271b1b32e716d24cb85c7f583ce09e"></a>validation-api-2.0.1.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
Bean Validation API
</pre></p><p><b>License:</b><pre class="indent">Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/validation-api-2.0.1.Final.jar<br/><b>MD5:</b> 5d02c034034a7a16725ceff787e191d6<br/><b>SHA1:</b> cb855558e6271b1b32e716d24cb85c7f583ce09e<br/><b>SHA256:</b>9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c</p><h4 id="header18" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content18" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://beanvalidation.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>validation-api</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>validation</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.validation.api</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>java.validation</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.validation</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>validation-api</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Bean Validation API</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>validation-api</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>validation</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.validation.api</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>java.validation</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://beanvalidation.org</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Bean Validation API</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.validation</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>validation-api</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Bean Validation API</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.0.1.Final</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.0.1.Final</td><td>Highest</td></tr></table></div><h4 id="header19" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content19" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: validation-api-2.0.1.Final.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/validation-api-2.0.1.Final.jar</li><li>MD5: 5d02c034034a7a16725ceff787e191d6</li><li>SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e</li><li>SHA256: 9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c</li></ul></li></ul></div><h4 id="header20" class="subsectionheader white">Identifiers</h4><div id="content20" class="subsectioncontent standardsubsection"><ul><li><a 
href="https://ossindex.sonatype.org/component/pkg:maven/javax.validation/validation-api@2.0.1.Final" target="_blank">pkg:maven/javax.validation/validation-api@2.0.1.Final</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l8_26fb04f8b9827d5fffd2a2285dd6cdd4bcdacc93"></a>ehcache-3.6.2.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>End-user ehcache3 jar artifact</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar<br/><b>MD5:</b> ebcfe7cc39c43d17df22a857e31af054<br/><b>SHA1:</b> 26fb04f8b9827d5fffd2a2285dd6cdd4bcdacc93<br/><b>SHA256:</b>72f5053f4f670798e2bfbbe9bd0cdeec6d63ea5a99be6731679aaf213d26c391</p><h4 id="header21" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content21" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>JavaSE-1.8</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ehcache</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>provider</td><td>gradle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>terracotta</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization 
url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://ehcache.org</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>ehcache</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-time</td><td>2018-11-14T13:54:11-0800</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.ehcache.ehcache</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>JavaSE-1.8</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ehcache</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>ehcache 3</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>provider</td><td>gradle</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>terracotta</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>ehcache</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://ehcache.org</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>ehcache</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>build-time</td><td>2018-11-14T13:54:11-0800</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.ehcache.ehcache</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>filter</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>3.6.2</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>3.6.2</td><td>High</td></tr></table></div><h4 id="header22" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content22" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: ehcache-3.6.2.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/ehcache-3.6.2.jar</li><li>MD5: ebcfe7cc39c43d17df22a857e31af054</li><li>SHA1: 26fb04f8b9827d5fffd2a2285dd6cdd4bcdacc93</li><li>SHA256: 72f5053f4f670798e2bfbbe9bd0cdeec6d63ea5a99be6731679aaf213d26c391</li></ul></li></ul></div><h4 id="header23" class="subsectionheader white">Identifiers</h4><div id="content23" class="subsectioncontent 
standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/ehcache@3.6.2" target="_blank">pkg:maven/org.ehcache/ehcache@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l9_448f8f6ae4a6f36b4c0b148b4312c60c0c7233ae"></a>sort.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/site/jacoco/jacoco-resources/sort.js<br/><b>MD5:</b> bb88882f3bead8e42f5677b93777bd74<br/><b>SHA1:</b> 448f8f6ae4a6f36b4c0b148b4312c60c0c7233ae<br/><b>SHA256:</b>a6f0a4a8def0a6b76fbeb15b1603fc8b553813dc5520804c5367463c79fc31d2</p><h4 id="header24" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content24" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header25" class="subsectionheader white">Identifiers</h4><div id="content25" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l10_6505a72a097d9270f7a9e7bf42c4238283247755"></a>commons-lang3-3.8.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
</pre></p><p><b>License:</b><pre class="indent">https://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/commons-lang3-3.8.1.jar<br/><b>MD5:</b> 540b1256d887a6993ecbef23371a3302<br/><b>SHA1:</b> 6505a72a097d9270f7a9e7bf42c4238283247755<br/><b>SHA256:</b>dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68</p><h4 id="header26" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content26" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>commons</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The Apache Software Foundation</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>commons-lang3</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.apache.commons</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>commons-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>lang3</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>commons-lang3</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.apache.commons.lang3</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.commons.lang3</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The Apache Software Foundation</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.apache.commons</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Apache Commons Lang</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>apache.commons</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>commons</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>commons-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Apache Commons Lang</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>commons-lang3</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>lang3</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Apache Commons 
Lang</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>commons-lang3</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.apache.commons.lang3</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.commons.lang3</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.apache.commons</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Apache Commons Lang</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>apache.commons</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://commons.apache.org/proper/commons-lang/</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Apache Commons Lang</td><td>Medium</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>3.8.1</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>3.8.1</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.8.1</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>3.8.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>3.8.1</td><td>High</td></tr></table></div><h4 id="header27" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content27" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: commons-lang3-3.8.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/commons-lang3-3.8.1.jar</li><li>MD5: 
540b1256d887a6993ecbef23371a3302</li><li>SHA1: 6505a72a097d9270f7a9e7bf42c4238283247755</li><li>SHA256: dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68</li></ul></li></ul></div><h4 id="header28" class="subsectionheader white">Identifiers</h4><div id="content28" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.8.1" target="_blank">pkg:maven/org.apache.commons/commons-lang3@3.8.1</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l11_b1e5325d35bfb27e42d57e9295510cad54ed8fdf"></a>spring-core-5.1.3.RELEASE.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>Spring Core</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-core-5.1.3.RELEASE.jar<br/><b>MD5:</b> 491ab79408bab73188e1e4d30805db25<br/><b>SHA1:</b> b1e5325d35bfb27e42d57e9295510cad54ed8fdf<br/><b>SHA256:</b>b8fd57c892b03997c6e99cbb2b0cdd601e3d063b0ed99f09dc0b02e820a9ac61</p><h4 id="header29" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content29" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Low</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>pivotal 
software</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-core</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring Core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>spring.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://projects.spring.io/spring-framework</td><td>Medium</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>SpringSource</td><td>Highest</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>vmware</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-core</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Spring IO</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>spring-projects/spring-framework</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring Core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>spring-projects/spring-framework</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>spring.core</td><td>Medium</td></tr><tr><td>Product</td><td>hint 
analyzer</td><td>product</td><td>springsource_spring_framework</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>spring-core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>spring-core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Spring IO</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://projects.spring.io/spring-framework</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>5.1.3.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>5.1.3.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>5.1.3.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header30" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content30" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: spring-beans-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-beans-5.1.3.RELEASE.jar</li><li>MD5: 899e362f119f5a8f2a67bd5aff2e5953</li><li>SHA1: 9a15a7c84bd12516574bcaf87ffa38c1e65e8a2b</li><li>SHA256: 6702b1f7b7440512b9fe7d04f48762ac8b4be65fc2554079a1da4d6285c581f3</li></ul></li><li>spring-aspects-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-aspects-5.1.3.RELEASE.jar</li><li>MD5: 93c1702ec2ab0697071d11f24cfea743</li><li>SHA1: abee7b02e9c69f2339dd75409e6beb1bb0c7fe5e</li><li>SHA256: f894b9c98ffd0994d00cc0ad2581920960f69f2204c823241b7a693803438f66</li> <li><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-aspects@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-aspects@5.1.3.RELEASE</a></li></ul></li><li>petclinic.war: spring-orm-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-orm-5.1.3.RELEASE.jar</li><li>MD5: 879c608402b7ebe091b1f5ea19ce1b43</li><li>SHA1: b18a3b81dd2dc712cbb2aafaa7b581e9faf00506</li><li>SHA256: 0e87365db10528eb1fd4e7392b00a3ab6b4997bd20c12745c76137c9b3179040</li></ul></li><li>spring-context-support-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-context-support-5.1.3.RELEASE.jar</li><li>MD5: daa4dd8cfb44a9590d4ede8f56aff9f6</li><li>SHA1: 8b99520030ab5f7eef5fa06a04294e6781d706c0</li><li>SHA256: 4b8717a23db682921cb99709034b6f8ac80014550bff09eff02618df50359e69</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context-support@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-context-support@5.1.3.RELEASE</a></li></ul></li><li>spring-aop-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-aop-5.1.3.RELEASE.jar</li><li>MD5: e780b114c0bc7aeccfd78af502a04116</li><li>SHA1: c6b69e5c73e17dd15b5a07d96ecfa2d2e7955705</li><li>SHA256: fb67e4dfad7d137e390761f360b2f4cf74c6693c33f62c9d930afeb8c1ad8115</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-aop@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-aop@5.1.3.RELEASE</a></li></ul></li><li>petclinic.war: spring-webmvc-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-webmvc-5.1.3.RELEASE.jar</li><li>MD5: 348a63d8bbc2283b1c3987d785748d49</li><li>SHA1: 2ff9c2ddccaafd5b55756ceb4a65f02acb3b847a</li><li>SHA256: 
197f872b5589c156af033a35dba506d4040040a36bbfcdb6cb7f83cada5799e4</li></ul></li><li>spring-jdbc-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-jdbc-5.1.3.RELEASE.jar</li><li>MD5: 4c9d2efac14eb1b9e00d107dc13d0f7d</li><li>SHA1: 4bab0879114befbe41000d2e35dc7b311659b86c</li><li>SHA256: c6ed295cfe438e041505e068cff9159e446633d95950e1f14a28b29a50ab62de</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-jdbc@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-jdbc@5.1.3.RELEASE</a></li></ul></li><li>spring-web-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-web-5.1.3.RELEASE.jar</li><li>MD5: 358879170ace789a15ca8462bd389ac0</li><li>SHA1: c875df33e6c5ac0df53e727a08d42b316e69918b</li><li>SHA256: 91366fdb24ab6e61d2ac657dc937e0385c718b14747ea96ac0cd1f923fdc626d</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-web@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-web@5.1.3.RELEASE</a></li></ul></li><li>petclinic.war: spring-core-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-core-5.1.3.RELEASE.jar</li><li>MD5: 491ab79408bab73188e1e4d30805db25</li><li>SHA1: b1e5325d35bfb27e42d57e9295510cad54ed8fdf</li><li>SHA256: b8fd57c892b03997c6e99cbb2b0cdd601e3d063b0ed99f09dc0b02e820a9ac61</li></ul></li><li>spring-tx-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-tx-5.1.3.RELEASE.jar</li><li>MD5: 59e84830b18a63d5059186c29cd6914b</li><li>SHA1: ddce255764fe4211c1b189a55384037132b5afd2</li><li>SHA256: 21e330206983abc92423fe6804608b306bed43b7482c167625f844d75e0929f4</li> <li><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-tx@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-tx@5.1.3.RELEASE</a></li></ul></li><li>spring-beans-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-beans-5.1.3.RELEASE.jar</li><li>MD5: 899e362f119f5a8f2a67bd5aff2e5953</li><li>SHA1: 9a15a7c84bd12516574bcaf87ffa38c1e65e8a2b</li><li>SHA256: 6702b1f7b7440512b9fe7d04f48762ac8b4be65fc2554079a1da4d6285c581f3</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-beans@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-beans@5.1.3.RELEASE</a></li></ul></li><li>petclinic.war: spring-tx-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-tx-5.1.3.RELEASE.jar</li><li>MD5: 59e84830b18a63d5059186c29cd6914b</li><li>SHA1: ddce255764fe4211c1b189a55384037132b5afd2</li><li>SHA256: 21e330206983abc92423fe6804608b306bed43b7482c167625f844d75e0929f4</li></ul></li><li>spring-webmvc-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-webmvc-5.1.3.RELEASE.jar</li><li>MD5: 348a63d8bbc2283b1c3987d785748d49</li><li>SHA1: 2ff9c2ddccaafd5b55756ceb4a65f02acb3b847a</li><li>SHA256: 197f872b5589c156af033a35dba506d4040040a36bbfcdb6cb7f83cada5799e4</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-webmvc@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-webmvc@5.1.3.RELEASE</a></li></ul></li><li>petclinic.war: spring-context-support-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-context-support-5.1.3.RELEASE.jar</li><li>MD5: daa4dd8cfb44a9590d4ede8f56aff9f6</li><li>SHA1: 8b99520030ab5f7eef5fa06a04294e6781d706c0</li><li>SHA256: 4b8717a23db682921cb99709034b6f8ac80014550bff09eff02618df50359e69</li></ul></li><li>spring-context-5.1.3.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-context-5.1.3.RELEASE.jar</li><li>MD5: 4f5d23868f6fc7bff18ff53cbe4c6749</li><li>SHA1: 158929623ee0166fa930e88c3e2ca86a887088c0</li><li>SHA256: d572c43e9405905ac423d8b7e4af7af4c667358a4efa43cdecf3224a80c72f76</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]" target="_blank">pkg:maven/org.springframework/[email protected]</a></li></ul></li><li>petclinic.war: spring-aspects-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-aspects-5.1.3.RELEASE.jar</li><li>MD5: 93c1702ec2ab0697071d11f24cfea743</li><li>SHA1: abee7b02e9c69f2339dd75409e6beb1bb0c7fe5e</li><li>SHA256: f894b9c98ffd0994d00cc0ad2581920960f69f2204c823241b7a693803438f66</li></ul></li><li>spring-expression-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-expression-5.1.3.RELEASE.jar</li><li>MD5: 8f89198bcdf78f00d72a45fb288f6597</li><li>SHA1: 628a471a077ab80f7fd66a5f5e42e2d67e6a9607</li><li>SHA256: 0c1ac4ef565bc32b5d1c514e0dc011d0a5ac31050f9f5a2098c25386e38f0088</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]" target="_blank">pkg:maven/org.springframework/[email protected]</a></li></ul></li><li>petclinic.war: spring-context-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-context-5.1.3.RELEASE.jar</li><li>MD5: 4f5d23868f6fc7bff18ff53cbe4c6749</li><li>SHA1: 158929623ee0166fa930e88c3e2ca86a887088c0</li><li>SHA256: d572c43e9405905ac423d8b7e4af7af4c667358a4efa43cdecf3224a80c72f76</li></ul></li><li>petclinic.war: spring-jdbc-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-jdbc-5.1.3.RELEASE.jar</li><li>MD5: 4c9d2efac14eb1b9e00d107dc13d0f7d</li><li>SHA1: 
4bab0879114befbe41000d2e35dc7b311659b86c</li><li>SHA256: c6ed295cfe438e041505e068cff9159e446633d95950e1f14a28b29a50ab62de</li></ul></li><li>petclinic.war: spring-expression-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-expression-5.1.3.RELEASE.jar</li><li>MD5: 8f89198bcdf78f00d72a45fb288f6597</li><li>SHA1: 628a471a077ab80f7fd66a5f5e42e2d67e6a9607</li><li>SHA256: 0c1ac4ef565bc32b5d1c514e0dc011d0a5ac31050f9f5a2098c25386e38f0088</li></ul></li><li>petclinic.war: spring-jcl-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-jcl-5.1.3.RELEASE.jar</li><li>MD5: afdd840a2eee6920c0eb7a5e85b1d824</li><li>SHA1: d332735dbc9c3f48cac59fb832c5719eb62bbe4d</li><li>SHA256: 3f89f3bb318bf1f60777b376f187ef1d901834310e26e56024b6da7d00988f7f</li></ul></li><li>petclinic.war: spring-web-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-web-5.1.3.RELEASE.jar</li><li>MD5: 358879170ace789a15ca8462bd389ac0</li><li>SHA1: c875df33e6c5ac0df53e727a08d42b316e69918b</li><li>SHA256: 91366fdb24ab6e61d2ac657dc937e0385c718b14747ea96ac0cd1f923fdc626d</li></ul></li><li>spring-jcl-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-jcl-5.1.3.RELEASE.jar</li><li>MD5: afdd840a2eee6920c0eb7a5e85b1d824</li><li>SHA1: d332735dbc9c3f48cac59fb832c5719eb62bbe4d</li><li>SHA256: 3f89f3bb318bf1f60777b376f187ef1d901834310e26e56024b6da7d00988f7f</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]" target="_blank">pkg:maven/org.springframework/[email protected]</a></li></ul></li><li>petclinic.war: spring-aop-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-aop-5.1.3.RELEASE.jar</li><li>MD5: e780b114c0bc7aeccfd78af502a04116</li><li>SHA1: 
c6b69e5c73e17dd15b5a07d96ecfa2d2e7955705</li><li>SHA256: fb67e4dfad7d137e390761f360b2f4cf74c6693c33f62c9d930afeb8c1ad8115</li></ul></li><li>spring-orm-5.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-orm-5.1.3.RELEASE.jar</li><li>MD5: 879c608402b7ebe091b1f5ea19ce1b43</li><li>SHA1: b18a3b81dd2dc712cbb2aafaa7b581e9faf00506</li><li>SHA256: 0e87365db10528eb1fd4e7392b00a3ab6b4997bd20c12745c76137c9b3179040</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-orm@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-orm@5.1.3.RELEASE</a></li></ul></li></ul></div><h4 id="header31" class="subsectionheader white">Identifiers</h4><div id="content31" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.3.RELEASE" target="_blank">pkg:maven/org.springframework/spring-core@5.1.3.RELEASE</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_framework&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_framework%3A5.1.3" target="_blank">cpe:2.3:a:pivotal_software:spring_framework:5.1.3:release:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('spring-core-5.1.3.RELEASE.jar', 'b1e5325d35bfb27e42d57e9295510cad54ed8fdf', 'pkg:maven\/org.springframework\/spring-core@5.1.3.RELEASE', 'cpe', 'cpe:\/a:pivotal_software:spring_framework')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aspringsource&cpe_product=cpe%3A%2F%3Aspringsource%3Aspring_framework&cpe_version=cpe%3A%2F%3Aspringsource%3Aspring_framework%3A5.1.3" 
target="_blank">cpe:2.3:a:springsource:spring_framework:5.1.3:release:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('spring-core-5.1.3.RELEASE.jar', 'b1e5325d35bfb27e42d57e9295510cad54ed8fdf', 'pkg:maven\/org.springframework\/spring-core@5.1.3.RELEASE', 'cpe', 'cpe:\/a:springsource:spring_framework')">suppress</button></li><li>cpe:2.3:a:vmware:springsource_spring_framework:5.1.3:release:*:*:*:*:*:* (<i>Confidence</i>:Low) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('spring-core-5.1.3.RELEASE.jar', 'b1e5325d35bfb27e42d57e9295510cad54ed8fdf', 'pkg:maven\/org.springframework\/spring-core@5.1.3.RELEASE', 'cpe', 'cpe:\/a:vmware:springsource_spring_framework')">suppress</button></li></ul></div><h4 id="header32" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content32" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5398">CVE-2020-5398</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('spring-core-5.1.3.RELEASE.jar', 'b1e5325d35bfb27e42d57e9295510cad54ed8fdf', 'pkg:maven\/org.springframework\/spring-core@5.1.3.RELEASE', 'cve', 'CVE-2020-5398')">suppress</button></p><!-- Triage note: the scanned jar is version 5.1.3, inside the "5.1.x prior to 5.1.13" range quoted in the description below, so this entry clears only when the Spring Framework jars move to 5.1.13 or later. Suppress it only after confirming that no response builds a Content-Disposition filename from request input, and keep that justification with the suppression entry. --><p><pre>In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.</pre>CWE-494 Download of Code Without Integrity Check<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.6)</li><li>Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: 
/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://pivotal.io/security/cve-2020-5398">https://pivotal.io/security/cve-2020-5398</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3Ccommits.camel.apache.org%3E">[camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/07e93ccb-05c0-405d-9df8-56a5acf32070">[CVE-2020-5398] In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1....</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs9', 'show all', 'show less');">show all</a>)<ul><li class="vs9"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework">cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* versions from (including) 5.1.1; versions up to (excluding) 5.1.13</a></li><li class="vs9">...</li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework">cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* versions from (including) 5.0.0; versions up to (excluding) 5.0.16</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework">cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* versions from (including) 5.1.1; versions up to (excluding) 5.1.13</a></li><li class="vs9 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework">cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* versions from (including) 5.2.0; versions up to (excluding) 5.2.3</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework%3A5.1.0%3A-">cpe:2.3:a:pivotal_software:spring_framework:5.1.0:-:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework%3A5.1.0%3Arc1">cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc1:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework%3A5.1.0%3Arc2">cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc2:*:*:*:*:*:*</a></li><li class="vs9 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Apivotal_software%3Aspring_framework%3A5.1.0%3Arc3">cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc3:*:*:*:*:*:*</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l12_25665ac8c0b62f50e6488173233239120fc52c96"></a>javax.persistence-api-2.2.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Java(TM) Persistence API</pre></p><p><b>License:</b><pre class="indent">Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/javax.persistence-api-2.2.jar<br/><b>MD5:</b> e6520b3435f5b6d58eee415b5542abf8<br/><b>SHA1:</b> 25665ac8c0b62f50e6488173233239120fc52c96<br/><b>SHA256:</b>5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4</p><h4 id="header33" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content33" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>javax.persistence-api</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.oracle</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.persistence-api</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>java.persistence</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>javax.persistence-api</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>javaee/jpa-spec</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.persistence</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>persistence</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>javax.persistence</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>javax.persistence-api</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.persistence-api</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>java.persistence</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>javax.persistence-api</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.persistence</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>persistence</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Java(TM) Persistence API 
jar</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>javaee/jpa-spec</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>javax.persistence</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.2</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.2</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.2</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.2</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>2.2</td><td>Low</td></tr></table></div><h4 id="header34" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content34" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: javax.persistence-api-2.2.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/javax.persistence-api-2.2.jar</li><li>MD5: e6520b3435f5b6d58eee415b5542abf8</li><li>SHA1: 25665ac8c0b62f50e6488173233239120fc52c96</li><li>SHA256: 5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4</li></ul></li></ul></div><h4 id="header35" class="subsectionheader white">Identifiers</h4><div id="content35" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.persistence/[email protected]" target="_blank">pkg:maven/javax.persistence/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l13_c072c13dcb7f705471c40bafb1536171df850ab2"></a>javassist-3.23.1-GA.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
</pre></p><p><b>License:</b><pre class="indent">MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/javassist-3.23.1-GA.jar<br/><b>MD5:</b> c99b30482cfdcd42bdc301970a3b2d5d<br/><b>SHA1:</b> c072c13dcb7f705471c40bafb1536171df850ab2<br/><b>SHA256:</b>d2b14c09763523374624f32a09d6e31fcb174082a97addb5ae2d580b474fd806</p><h4 id="header36" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content36" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javassist</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.javassist.org/</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javassist</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Shigeru Chiba, www.javassist.org</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>javassist</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>javassist</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Shigeru Chiba, www.javassist.org</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javassist</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Javassist</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>bytecode</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Javassist</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Shigeru Chiba, www.javassist.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>javassist</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Javassist</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javassist</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Javassist</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javassist</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javassist</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>javassist</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.javassist.org/</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bytecode</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>specification-version</td><td>3.23.1-GA</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.23.1-GA</td><td>Highest</td></tr></table></div><h4 id="header37" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content37" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: javassist-3.23.1-GA.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/javassist-3.23.1-GA.jar</li><li>MD5: c99b30482cfdcd42bdc301970a3b2d5d</li><li>SHA1: c072c13dcb7f705471c40bafb1536171df850ab2</li><li>SHA256: d2b14c09763523374624f32a09d6e31fcb174082a97addb5ae2d580b474fd806</li></ul></li></ul></div><h4 id="header38" 
class="subsectionheader white">Identifiers</h4><div id="content38" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.javassist/[email protected]" target="_blank">pkg:maven/org.javassist/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l14_f87c5c1bbfc638309824140e68dfaaeb1bb479f3"></a>hibernate-core-5.3.7.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Hibernate's core ORM functionality</pre></p><p><b>License:</b><pre class="indent">GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/hibernate-core-5.3.7.Final.jar<br/><b>MD5:</b> 20f0daf39f05db0085796d9813431e15<br/><b>SHA1:</b> f87c5c1bbfc638309824140e68dfaaeb1bb479f3<br/><b>SHA256:</b>862822a3ebf43aa38ff7d36346bb4cef1fc5a5c400b0a8f35d4a33df816202e9</p><h4 id="header39" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content39" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.orm.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>hibernate-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.orm.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>organization 
url</td><td>http://hibernate.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.hibernate.org/orm/5.3</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Hibernate.org</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Hibernate.org</td><td>High</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.hibernate</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://hibernate.org/orm</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>hibernate</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.hibernate</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org/orm</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hibernate</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Hibernate.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>hibernate-core</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Hibernate ORM - hibernate-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.orm.core</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>hibernate-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>hibernate-core</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.orm.core</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://hibernate.org/orm</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.hibernate.org/orm/5.3</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>hibernate-core</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>hibernate</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org/orm</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>hibernate-core</td><td>High</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>hibernate-core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>hibernate-core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Hibernate ORM - hibernate-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>filter</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Hibernate.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization 
url</td><td>http://hibernate.org</td><td>Low</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>5.3.7.Final</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>5.3.7.Final</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>5.3.7.Final</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>5.3.7.Final</td><td>High</td></tr></table></div><h4 id="header40" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content40" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: hibernate-core-5.3.7.Final.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/hibernate-core-5.3.7.Final.jar</li><li>MD5: 20f0daf39f05db0085796d9813431e15</li><li>SHA1: f87c5c1bbfc638309824140e68dfaaeb1bb479f3</li><li>SHA256: 862822a3ebf43aa38ff7d36346bb4cef1fc5a5c400b0a8f35d4a33df816202e9</li></ul></li></ul></div><h4 id="header41" class="subsectionheader white">Identifiers</h4><div id="content41" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate/[email protected]" target="_blank">pkg:maven/org.hibernate/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l15_0af5364cd6679bfffb114f0dec8a157aaa283b76"></a>jul-to-slf4j-1.7.25.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>JUL to SLF4J bridge</pre></p><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jul-to-slf4j-1.7.25.jar<br/><b>MD5:</b> ab28124cb05fec600f2ffe37b94629e0<br/><b>SHA1:</b> 0af5364cd6679bfffb114f0dec8a157aaa283b76<br/><b>SHA256:</b>416c5a0c145ad19526e108d44b6bf77b75412d47982cce6ce8d43abdbdbb0fac</p><h4 id="header42" class="subsectionheader expandable expandablesubsection 
white">Evidence</h4><div id="content42" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>slf4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jul-to-slf4j</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jul-to-slf4j</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JUL to SLF4J bridge</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>slf4j-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.slf4j</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>slf4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>jul.to.slf4j</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bridge</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.slf4j.org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>slf4j</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jul-to-slf4j</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JUL to SLF4J 
bridge</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>jul-to-slf4j</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.slf4j.org</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.slf4j</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>slf4j</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>jul.to.slf4j</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>slf4j-parent</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bridge</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jul-to-slf4j</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.7.25</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.7.25</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.7.25</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.7.25</td><td>High</td></tr></table></div><h4 id="header43" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content43" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jul-to-slf4j-1.7.25.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jul-to-slf4j-1.7.25.jar</li><li>MD5: ab28124cb05fec600f2ffe37b94629e0</li><li>SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76</li><li>SHA256: 416c5a0c145ad19526e108d44b6bf77b75412d47982cce6ce8d43abdbdbb0fac</li></ul></li></ul></div><h4 id="header44" class="subsectionheader white">Identifiers</h4><div id="content44" class="subsectioncontent standardsubsection"><ul><li><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/[email protected]" target="_blank">pkg:maven/org.slf4j/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l16_a93ad36df9560de3a5312c1d14f69d938099fa64"></a>attoparser-2.0.5.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Powerful, fast and easy to use HTML and XML parser for Java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/attoparser-2.0.5.RELEASE.jar<br/><b>MD5:</b> 546b814a33d40124427225d6d1df8fd2<br/><b>SHA1:</b> a93ad36df9560de3a5312c1d14f69d938099fa64<br/><b>SHA256:</b>d4015d56147f696ed0a90078675bc940529f907e7b2dfc1fad754e8033da8796</p><h4 id="header45" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content45" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.attoparser.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>attoparser</td><td>High</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.attoparser</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The ATTOPARSER 
team</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>attoparser</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>attoparser</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>attoparser</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.attoparser</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>attoparser</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.attoparser.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.attoparser.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>attoparser</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The ATTOPARSER team</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.attoparser</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The ATTOPARSER team</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>attoparser</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.attoparser.org</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.attoparser.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>attoparser</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>attoparser</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>attoparser</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>attoparser</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>attoparser</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.attoparser</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>attoparser</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>attoparser</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The ATTOPARSER team</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>attoparser</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.attoparser.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>attoparser</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.attoparser.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.attoparser.org</td><td>Medium</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>attoparser</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.0.5.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.0.5.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.0.5.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.0.5.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header46" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content46" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: attoparser-2.0.5.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/attoparser-2.0.5.RELEASE.jar</li><li>MD5: 546b814a33d40124427225d6d1df8fd2</li><li>SHA1: 
a93ad36df9560de3a5312c1d14f69d938099fa64</li><li>SHA256: d4015d56147f696ed0a90078675bc940529f907e7b2dfc1fad754e8033da8796</li></ul></li></ul></div><h4 id="header47" class="subsectionheader white">Identifiers</h4><div id="content47" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.attoparser/attoparser@2.0.5.RELEASE" target="_blank">pkg:maven/org.attoparser/attoparser@2.0.5.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l17_38ceb06ae54ba0524d14a85fe84ed03aecef5078"></a>byte-buddy-1.9.5.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/byte-buddy-1.9.5.jar<br/><b>MD5:</b> 91e1ae2956ff94969942b86d01f73c71<br/><b>SHA1:</b> 38ceb06ae54ba0524d14a85fe84ed03aecef5078<br/><b>SHA256:</b>193e7dde8bc8bff90ff73843eda9a611624c5c364cdf0beebebae1a8be34b80f</p><h4 id="header48" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content48" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>net</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>byte-buddy</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>build</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>net.bytebuddy.byte-buddy</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Byte Buddy (without dependencies)</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>net.bytebuddy</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bytebuddy</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>byte-buddy-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>asm</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>byte-buddy</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>build</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>net.bytebuddy.byte-buddy</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Byte Buddy (without dependencies)</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>net.bytebuddy</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>asm</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>byte-buddy</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>net</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>byte-buddy-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>byte-buddy</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bytebuddy</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Byte Buddy (without dependencies)</td><td>Medium</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.9.5</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.9.5</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.9.5</td><td>Highest</td></tr></table></div><h4 id="header49" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content49" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: byte-buddy-1.9.5.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/byte-buddy-1.9.5.jar</li><li>MD5: 91e1ae2956ff94969942b86d01f73c71</li><li>SHA1: 38ceb06ae54ba0524d14a85fe84ed03aecef5078</li><li>SHA256: 193e7dde8bc8bff90ff73843eda9a611624c5c364cdf0beebebae1a8be34b80f</li></ul></li></ul></div><h4 id="header50" class="subsectionheader white">Identifiers</h4><div 
id="content50" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/byte-buddy@1.9.5" target="_blank">pkg:maven/net.bytebuddy/byte-buddy@1.9.5</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l18_83cd2cd674a217ade95a4bb83a8a14f351f48bd0"></a>antlr-2.7.7.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
</pre></p><p><b>License:</b><pre class="indent">BSD License: http://www.antlr.org/license.html</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/antlr-2.7.7.jar<br/><b>MD5:</b> f8f1352c52a4c6a500b597596501fc64<br/><b>SHA1:</b> 83cd2cd674a217ade95a4bb83a8a14f351f48bd0<br/><b>SHA256:</b>88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c</p><h4 id="header51" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content51" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>antlr</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.antlr.org/</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>antlr</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>antlr</td><td>High</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>antlr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>antlr</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>AntLR Parser Generator</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.antlr.org/</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>antlr</td><td>High</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>antlr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>antlr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>antlr</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>AntLR Parser 
Generator</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.7.7</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.7.7</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.7.7</td><td>High</td></tr></table></div><h4 id="header52" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content52" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: antlr-2.7.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/antlr-2.7.7.jar</li><li>MD5: f8f1352c52a4c6a500b597596501fc64</li><li>SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0</li><li>SHA256: 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c</li></ul></li></ul></div><h4 id="header53" class="subsectionheader white">Identifiers</h4><div id="content53" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7" target="_blank">pkg:maven/antlr/antlr@2.7.7</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l19_6c66db1c636ee90beb4c65fe34abd8ba9396bca6"></a>HikariCP-3.2.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Ultimate JDBC Connection Pool</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/HikariCP-3.2.0.jar<br/><b>MD5:</b> ce78a822d3e6a6ae9bb1ed2fce078ae5<br/><b>SHA1:</b> 6c66db1c636ee90beb4c65fe34abd8ba9396bca6<br/><b>SHA256:</b>b008de68bbd85811f4b6e8f0860d0966c6acb4f2e75fabd46ec2094569cbefeb</p><h4 id="header54" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content54" class="subsectioncontent standardsubsection 
hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hikari</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Zaxxer.com</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>HikariCP</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>pool</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://github.com/brettwooldridge</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>HikariCP</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>zaxxer</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>com.zaxxer.hikari</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>zaxxer</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>brettwooldridge/HikariCP</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>brettwooldridge</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>HikariCP</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.zaxxer.HikariCP</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>HikariCP</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>hikari</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>HikariCP</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>pool</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://github.com/brettwooldridge</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>HikariCP</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>zaxxer</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>brettwooldridge/HikariCP</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>HikariCP</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>com.zaxxer.hikari</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>zaxxer</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Zaxxer.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>brettwooldridge</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.zaxxer.HikariCP</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>3.2.0</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.2.0</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>3.2.0</td><td>High</td></tr></table></div><h4 id="header55" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content55" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: HikariCP-3.2.0.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/HikariCP-3.2.0.jar</li><li>MD5: ce78a822d3e6a6ae9bb1ed2fce078ae5</li><li>SHA1: 6c66db1c636ee90beb4c65fe34abd8ba9396bca6</li><li>SHA256: b008de68bbd85811f4b6e8f0860d0966c6acb4f2e75fabd46ec2094569cbefeb</li></ul></li></ul></div><h4 id="header56" 
class="subsectionheader white">Identifiers</h4><div id="content56" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.zaxxer/HikariCP@3.2.0" target="_blank">pkg:maven/com.zaxxer/HikariCP@3.2.0</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l20_268f0fe4df3eefe052b57c87ec48517d64fb2a10"></a>log4j-api-2.11.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The Apache Log4j API</pre></p><p><b>License:</b><pre class="indent">https://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/log4j-api-2.11.1.jar<br/><b>MD5:</b> fc110208241ce5b48bd07464ecc7e137<br/><b>SHA1:</b> 268f0fe4df3eefe052b57c87ec48517d64fb2a10<br/><b>SHA256:</b>493b37b5a6c49c4f5fb609b966375e4dc1783df436587584ca1dc7e861d0742b</p><h4 id="header57" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content57" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The Apache Software Foundation</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>apache</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.logging.log4j.api</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>apache.logging.log4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>https://logging.apache.org/log4j/2.x/log4j-api/</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>log4j-api</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>log4j-api</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.apache.logging.log4j</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://www.apache.org/</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Apache Log4j API</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>log4j</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>logging</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The Apache Software Foundation</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>log4jreleasemanager</td><td>Ralph Goers</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>log4jreleasekey</td><td>B3D8E1BA</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>log4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.apache.logging.log4j</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>apache</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.logging.log4j.api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>apache.logging.log4j</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Apache Log4j API</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>https://logging.apache.org/log4j/2.x/log4j-api/</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>log4j-api</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Apache Log4j API</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://www.apache.org/</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Apache Log4j API</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>logging</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>log4j-api</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>log4jreleasemanager</td><td>Ralph Goers</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>log4jreleasekey</td><td>B3D8E1BA</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>log4j</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>log4j</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Apache Log4j 
API</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.apache.logging.log4j</td><td>Medium</td></tr><tr><td>Version</td><td>Manifest</td><td>log4jreleaseversion</td><td>2.11.1</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.11.1</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.11.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.11.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.11.1</td><td>High</td></tr></table></div><h4 id="header58" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content58" class="subsectioncontent standardsubsection hidden"><ul><li>log4j-to-slf4j-2.11.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/log4j-to-slf4j-2.11.1.jar</li><li>MD5: 381d23cff5d658c836443483325df400</li><li>SHA1: 1097acadf76aa4dd721ec5807566003ae9d975de</li><li>SHA256: ade27136788da38fe2b0f2b331c8f2e1a07c4e64dd45bf3d09efc49ecddfecc4</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.11.1" target="_blank">pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.11.1</a></li></ul></li><li>petclinic.war: log4j-to-slf4j-2.11.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/log4j-to-slf4j-2.11.1.jar</li><li>MD5: 381d23cff5d658c836443483325df400</li><li>SHA1: 1097acadf76aa4dd721ec5807566003ae9d975de</li><li>SHA256: ade27136788da38fe2b0f2b331c8f2e1a07c4e64dd45bf3d09efc49ecddfecc4</li></ul></li><li>petclinic.war: log4j-api-2.11.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/log4j-api-2.11.1.jar</li><li>MD5: fc110208241ce5b48bd07464ecc7e137</li><li>SHA1: 268f0fe4df3eefe052b57c87ec48517d64fb2a10</li><li>SHA256: 
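493b37b5a6c49c4f5fb609b966375e4dc1783df436587584ca1dc7e861d0742b</li></ul></li></ul></div><!-- Triage note: this dependency carries the notvulnerable class even though the CPE cpe:2.3:a:apache:log4j:2.11.1 was matched with Highest confidence. That only means no advisory in the data used for this scan matched the CPE; re-run the scan with refreshed vulnerability data before treating 2.11.1 as clear. The CPE names the product log4j while the artifact is log4j-api, and log4j-to-slf4j is grouped under it, so confirm which Log4j modules the WAR actually ships. --><h4 id="header59" class="subsectionheader white">Identifiers</h4><div id="content59" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/log4j-api@2.11.1" target="_blank">pkg:maven/org.apache.logging.log4j/log4j-api@2.11.1</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A2.11.1" target="_blank">cpe:2.3:a:apache:log4j:2.11.1:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('log4j-api-2.11.1.jar', '268f0fe4df3eefe052b57c87ec48517d64fb2a10', 'pkg:maven\/org.apache.logging.log4j\/log4j-api@2.11.1', 'cpe', 'cpe:\/a:apache:log4j')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l21_cc18955ff1e36d5abd39a14bfe82b19154330a34"></a>commons-compress-1.9.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>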
Apache Commons Compress software defines an API for working with
compression and archive formats.
These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional
Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.
</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/commons-compress-1.9.jar<br/><b>MD5:</b> 6c9ce8534b9e4c17e5dea7a97425245c<br/><b>SHA1:</b> cc18955ff1e36d5abd39a14bfe82b19154330a34<br/><b>SHA256:</b>b8e0a1700023359a2b4d9f04b9287d7b9aa200f4feac1079812337eef2dcb8e2</p><h4 id="header60" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content60" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>commons</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The Apache Software Foundation</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>commons-compress</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>compress</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build</td><td>trunk@r1629495; 2014-10-06 
06:52:07+0200</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://commons.apache.org/proper/commons-compress/</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>commons-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>org.apache.commons.compress</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.apache</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.commons.compress</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://commons.apache.org/proper/commons-compress/</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Apache Commons Compress</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>commons-compress</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The Apache Software Foundation</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.apache.commons</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>apache.commons</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>commons</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>commons-compress</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Apache Commons Compress</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>compress</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>commons-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Apache Commons 
Compress</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://commons.apache.org/proper/commons-compress/</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Apache Commons Compress</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build</td><td>trunk@r1629495; 2014-10-06 06:52:07+0200</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>commons-compress</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>org.apache.commons.compress</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.apache.commons.compress</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://commons.apache.org/proper/commons-compress/</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Apache Commons Compress</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.apache.commons</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>apache.commons</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.9</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>1.9</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.9</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.9</td><td>High</td></tr></table></div><h4 id="header61" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content61" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: commons-compress-1.9.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/commons-compress-1.9.jar</li><li>MD5: 6c9ce8534b9e4c17e5dea7a97425245c</li><li>SHA1: cc18955ff1e36d5abd39a14bfe82b19154330a34</li><li>SHA256: 
b8e0a1700023359a2b4d9f04b9287d7b9aa200f4feac1079812337eef2dcb8e2</li></ul></li></ul></div><h4 id="header62" class="subsectionheader white">Identifiers</h4><div id="content62" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.9" target="_blank">pkg:maven/org.apache.commons/commons-compress@1.9</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons-compress&cpe_version=cpe%3A%2F%3Aapache%3Acommons-compress%3A1.9" target="_blank">cpe:2.3:a:apache:commons-compress:1.9:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('commons-compress-1.9.jar', 'cc18955ff1e36d5abd39a14bfe82b19154330a34', 'pkg:maven\/org.apache.commons\/commons-compress@1.9', 'cpe', 'cpe:\/a:apache:commons-compress')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_compress&cpe_version=cpe%3A%2F%3Aapache%3Acommons_compress%3A1.9" target="_blank">cpe:2.3:a:apache:commons_compress:1.9:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('commons-compress-1.9.jar', 'cc18955ff1e36d5abd39a14bfe82b19154330a34', 'pkg:maven\/org.apache.commons\/commons-compress@1.9', 'cpe', 'cpe:\/a:apache:commons_compress')">suppress</button></li></ul></div><h4 id="header63" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content63" class="subsectioncontent standardsubsection"><p><b><a target="_blank" 
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11771">CVE-2018-11771</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('commons-compress-1.9.jar', 'cc18955ff1e36d5abd39a14bfe82b19154330a34', 'pkg:maven\/org.apache.commons\/[email protected]', 'cve', 'CVE-2018-11771')">suppress</button></p><p><pre>When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.</pre>CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.5)</li><li>Vector: /AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/105139">105139</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E">[announce] 20180816 [CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f28052d04cb8dbaae39bfd3dc8438e58c2a8be306a3f381f4728d7c1@%3Ccommits.commons.apache.org%3E">[commons-commits] 20190827 [commons-compress] branch master updated: record CVE-2019-12402</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b907e70bc422905d7962fd18f863f746bf7b4e7ed9da25c148580c61@%3Cnotifications.commons.apache.org%3E">[commons-notifications] 20190827 svn commit: r1049290 - in /websites/production/commons/content/proper/commons-compress: 
changes-report.html security-reports.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E">[creadur-dev] 20190530 [Discuss] RAT-244 - update to language level 1.7 due to CVE issues in RAT</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9cdd32af7d73e943452167d15801db39e8130409ebb9efb243b3f41@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] justinchuch opened a new pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/35f60d6d0407c13c39411038ba1aca71d92595ed7041beff4d07f2ee@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] robertdale commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e3eae9e6fc021c4c22dda59a335d21c12eecab480b48115a2f098ef6@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/c7954dc1e8fafd7ca1449f078953b419ebf8936e087f235f3bd024be@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/714c6ac1b1b50f8557e7342903ef45f1538a7bc60a0b47d6e48c273d@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3565494c263dfeb4dcb2a71cb24d09a1ca285cd6ac74edc025a3af8a@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190930 [GitHub] [tinkerpop] spmallette merged pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/eeecc1669242b28a3777ae13c68b376b0148d589d3d8170340d61120@%3Cdev.tinkerpop.apache.org%3E">[tinkerpop-dev] 20190924 [GitHub] [tinkerpop] justinchuch commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/6c79965066c30d4e330e04d911d3761db41b82c89ae38d9a6b37a6f1@%3Cdev.tinkerpop.apache.org%3E">[tinkerpop-dev] 20190924 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0adb631517766e793e18a59723e2df08ced41eb9a57478f14781c9f7@%3Cdev.tinkerpop.apache.org%3E">[tinkerpop-dev] 20190930 [GitHub] [tinkerpop] spmallette closed pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/0583dc15-9926-4edb-80df-8ecf11eee145">[CVE-2018-11771] Resource Management Errors</a></li><li>SECTRACK - <a target="_blank" href="http://www.securitytracker.com/id/1041503">1041503</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs10"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Acommons-compress">cpe:2.3:a:apache:commons-compress:*:*:*:*:*:*:*:* versions from (including) 1.7.0; versions up to (including) 1.17.0</a></li></ul></p></div></div>
<!-- dom4j-2.1.1.jar. This section carries the "notvulnerable" class and, unlike the sections before and
     after it, has no "Published Vulnerabilities" subsection: the scan matched the jar to identifiers but
     listed no CVE for it. That is a point-in-time result from the vulnerability data available when the
     report was generated; re-run the scan against current data rather than relying on a stored copy of
     this report. -->
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l22_3dce5dbb3571aa820c677fadd8349bfa8f00c199"></a>dom4j-2.1.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>flexible XML framework for Java</pre></p><p><b>License:</b><pre class="indent">BSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/dom4j-2.1.1.jar<br/><b>MD5:</b> f5710c1d5f5627ae5ce850a0b12ea87a<br/><b>SHA1:</b> 3dce5dbb3571aa820c677fadd8349bfa8f00c199<br/><b>SHA256:</b>a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128</p>
<!-- Evidence: the vendor, product and version strings the scanner collected (sources: pom, central, jar
     package name, file name), each with a confidence level. These strings are what the CPE match under
     "Identifiers" is derived from; the block is rendered with the "hidden" class. -->
<h4 id="header64" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content64" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>dom4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>dom4j</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://dom4j.github.io/</td><td>Highest</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.dom4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>dom4j</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>dom4j</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>dom4j</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://dom4j.github.io/</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>dom4j</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>dom4j</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>dom4j</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>dom4j</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>dom4j</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.1.1</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.1.1</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.1</td><td>Highest</td></tr></table></div>
<!-- Related Dependencies: the copy packaged inside petclinic.war has the same MD5, SHA1 and SHA256 as the
     exploded copy listed above, so both entries are the same artifact.
     NOTE(review): the file paths are absolute paths from the build host (/home/vagrant/...); decide
     whether that detail should be visible wherever this report is published. -->
<h4 id="header65" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content65" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: dom4j-2.1.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/dom4j-2.1.1.jar</li><li>MD5: f5710c1d5f5627ae5ce850a0b12ea87a</li><li>SHA1: 3dce5dbb3571aa820c677fadd8349bfa8f00c199</li><li>SHA256: a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128</li></ul></li></ul></div>
<!-- Identifiers: one package URL (Confidence High) and one CPE, dom4j_project:dom4j:2.1.1 (Confidence
     Highest), with a "suppress" button for the CPE.
     NOTE(review): the package URL appears as "[email protected]"; this looks like an e-mail-obfuscation
     artifact of the page capture. From the central groupid and version in the Evidence table it
     presumably reads pkg:maven/org.dom4j/dom4j@2.1.1. Confirm against a freshly generated report. -->
<h4 id="header66" class="subsectionheader white">Identifiers</h4><div id="content66" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/[email protected]" target="_blank">pkg:maven/org.dom4j/[email protected]</a> (<i>Confidence</i>:High)</li><li><a 
href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1" target="_blank">cpe:2.3:a:dom4j_project:dom4j:2.1.1:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('dom4j-2.1.1.jar', '3dce5dbb3571aa820c677fadd8349bfa8f00c199', 'pkg:maven\/org.dom4j\/[email protected]', 'cpe', 'cpe:\/a:dom4j_project:dom4j')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l23_c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab"></a>jquery-2.2.4.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>WebJar for jQuery</pre></p><p><b>License:</b><pre class="indent">MIT License: https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-2.2.4.jar<br/><b>MD5:</b> 4af65e569248d8a2411f66498d720280<br/><b>SHA1:</b> c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab<br/><b>SHA256:</b>de28c4da0ea9f16101352dd3582ec8021ee5e2de5f45104ca171876003d54db6</p><h4 id="header67" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content67" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jquery</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jquery</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jquery</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jquery</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jquery</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jquery</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.2.4</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.2.4</td><td>Highest</td></tr></table></div>
<!-- Related Dependencies for jquery-2.2.4.jar: the jar as packaged in petclinic.war plus the two script
     files inside it (jquery.js and jquery.min.js under META-INF/resources/webjars/jquery/2.2.4/). The
     findings reported for this section therefore concern script files that ship inside the WAR. -->
<h4 id="header68" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content68" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jquery-2.2.4.jar: jquery.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-2.2.4.jar/META-INF/resources/webjars/jquery/2.2.4/jquery.js</li><li>MD5: 888d4551b8db7c41cda28d95e494f998</li><li>SHA1: 26e6b63b81813d8ad942c90d369df2673602b812</li><li>SHA256: 893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2</li></ul></li><li>petclinic.war: jquery-2.2.4.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-2.2.4.jar</li><li>MD5: 4af65e569248d8a2411f66498d720280</li><li>SHA1: c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab</li><li>SHA256: de28c4da0ea9f16101352dd3582ec8021ee5e2de5f45104ca171876003d54db6</li></ul></li><li>petclinic.war: 
jquery-2.2.4.jar: jquery.min.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-2.2.4.jar/META-INF/resources/webjars/jquery/2.2.4/jquery.min.js</li><li>MD5: c3d3a0b713e6c70640e085f48304ab7e</li><li>SHA1: d32b38755b438acc6057df082bd32fef20f9a594</li><li>SHA256: 76fefbf42da309e4a436e343dd305bdf5264f51b7e735da28b365c362b1bcdf3</li></ul></li></ul></div>
<!-- Identifiers: two package URLs, pkg:javascript (Confidence Highest) and pkg:maven/org.webjars
     (Confidence High). No CPE identifier is listed for this jar, and the CVE "suppress" button below
     passes the pkg:javascript identifier to copyText().
     NOTE(review): both package URLs appear as "[email protected]"; this looks like an e-mail-obfuscation
     artifact of the page capture. From the Evidence version they presumably end in jquery@2.2.4. Confirm
     against a freshly generated report before pasting any generated suppression XML. -->
<h4 id="header69" class="subsectionheader white">Identifiers</h4><div id="content69" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:javascript/[email protected]" target="_blank">pkg:javascript/[email protected]</a> (<i>Confidence</i>:Highest)</li><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/[email protected]" target="_blank">pkg:maven/org.webjars/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div><h4 id="header70" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content70" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251">CVE-2015-9251</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jquery-2.2.4.jar', 'c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab', 'pkg:javascript\/[email protected]', 'cve', 'CVE-2015-9251')">suppress</button></p>
<!-- CVE-2015-9251 triage. The description below covers jQuery before 3.0.0 and this jar is 2.2.4, so the
     match is in range. The condition described is a cross-domain Ajax request made without the dataType
     option, so exposure depends on whether the application's own scripts issue such requests; check that
     before suppressing, and prefer moving to a jQuery release outside the stated range.
     NOTE(review): the CVSSv2 vector is printed with C:N/I:N/A:N next to a base score of 4.3. A vector
     with no impact would not score 4.3, and the CVSSv3 vector on the next line shows C:L/I:L, so treat
     the printed v2 vector as suspect and confirm it against the NVD entry linked above.
     NOTE(review): the button title says "CCE" while copyText() is passed 'cve'; probably a typo in the
     report template. -->
<p><pre>jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a 
target="_blank" href="http://www.securityfocus.com/bid/105658">105658</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/18">20190509 dotCMS v5.1.1 Vulnerabilities</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html</a></li><li>CONFIRM - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html">https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2019-08">https://www.tenable.com/security/tns-2019-08</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/13">20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/11">20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/10">20190510 dotCMS v5.1.1 Vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html">http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html">http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html">http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html</a></li><li>MISC - <a target="_blank" 
href="https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc">https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc</a></li><li>MISC - <a target="_blank" href="https://github.com/jquery/jquery/issues/2432">https://github.com/jquery/jquery/issues/2432</a></li><li>MISC - <a target="_blank" href="https://github.com/jquery/jquery/pull/2588">https://github.com/jquery/jquery/pull/2588</a></li><li>MISC - <a target="_blank" href="https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2">https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2</a></li><li>MISC - <a target="_blank" href="https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04">https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04</a></li><li>MISC - <a target="_blank" href="https://snyk.io/vuln/npm:jquery:20150627">https://snyk.io/vuln/npm:jquery:20150627</a></li><li>MISC - <a target="_blank" href="https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf">https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E">[flink-dev] 20190811 Apache flink 1.7.2 security issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E">[flink-user] 20190811 Apache flink 1.7.2 security issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E">[flink-user] 20190813 Apache flink 1.7.2 security issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E">[flink-user] 20190813 Re: Apache flink 1.7.2 security issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E">[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire 
js</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0481">RHSA-2020:0481</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0729">RHSA-2020:0729</a></li><li>info - <a target="_blank" href="http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/">http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/</a></li><li>info - <a target="_blank" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a></li><li>info - <a target="_blank" href="https://github.com/jquery/jquery/issues/2432">https://github.com/jquery/jquery/issues/2432</a></li><li>info - <a target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a></li></ul></p><p>Vulnerable Software & Versions (NVD):<ul><li class="vs11">cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 
6.1.0.4.0</li><li class="vs11">cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0</li><li class="vs11">cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5</li><li class="vs11">cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2</li><li class="vs11">cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*</li><li 
class="vs11">cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12</li><li class="vs11">cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6</li><li class="vs11">cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*</li><li 
class="vs11">cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1</li><li class="vs11">cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4</li><li class="vs11">cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7</li><li class="vs11">cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*</li><li 
class="vs11">cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6</li><li class="vs11">cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*</li><li class="vs11">cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*</li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358">CVE-2019-11358</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jquery-2.2.4.jar', 'c3dc40b1b5f24c56afa36fd9a463bb9f378ac4ab', 'pkg:javascript\/[email protected]', 'cve', 'CVE-2019-11358')">suppress</button></p><p><pre>jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/108023">108023</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Apr/32">20190421 [SECURITY] [DSA 4434-1] drupal7 security update</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/18">20190509 dotCMS v5.1.1 Vulnerabilities</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Jun/12">20190612 [SECURITY] [DSA 4460-1] mediawiki security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190919-0001/">https://security.netapp.com/advisory/ntap-20190919-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://www.synology.com/security/advisory/Synology_SA_19_19">https://www.synology.com/security/advisory/Synology_SA_19_19</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2019-08">https://www.tenable.com/security/tns-2019-08</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4434">DSA-4434</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4460">DSA-4460</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/">FEDORA-2019-1a3edd7e8a</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/">FEDORA-2019-2a0ce0c58c</a></li><li>FEDORA - <a 
target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/">FEDORA-2019-7eaf0bbe7c</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/">FEDORA-2019-a06dffab1c</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/">FEDORA-2019-eba8e44ee6</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/">FEDORA-2019-f563e66380</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/13">20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/11">20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/10">20190510 dotCMS v5.1.1 Vulnerabilities</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html">http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html">http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html">http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html</a></li><li>MISC - <a target="_blank" href="https://backdropcms.org/security/backdrop-sa-core-2019-009">https://backdropcms.org/security/backdrop-sa-core-2019-009</a></li><li>MISC - <a target="_blank" 
href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a></li><li>MISC - <a target="_blank" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a></li><li>MISC - <a target="_blank" href="https://github.com/jquery/jquery/pull/4333">https://github.com/jquery/jquery/pull/4333</a></li><li>MISC - <a target="_blank" href="https://snyk.io/vuln/SNYK-JS-JQUERY-174006">https://snyk.io/vuln/SNYK-JS-JQUERY-174006</a></li><li>MISC - <a target="_blank" href="https://www.drupal.org/sa-core-2019-006">https://www.drupal.org/sa-core-2019-006</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MISC - <a target="_blank" href="https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/">https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E">[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E">[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged 
pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E">[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E">[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E">[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html">[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html">[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html">[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to 
resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2019/06/03/2">[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E">[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHBA-2019:1570">RHBA-2019:1570</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1456">RHSA-2019:1456</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2587">RHSA-2019:2587</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3023">RHSA-2019:3023</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3024">RHSA-2019:3024</a></li><li>SUSE - <a target="_blank" 
href="http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html">openSUSE-SU-2019:1839</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html">openSUSE-SU-2019:1872</a></li><li>info - <a target="_blank" href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a></li><li>info - <a target="_blank" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a></li><li>info - <a target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">https://nvd.nist.gov/vuln/detail/CVE-2019-11358</a></li></ul></p><p>Vulnerable Software & Versions (NVD):<ul><li class="vs12">cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9</li><li class="vs12">cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0</li><li class="vs12">cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6</li><li class="vs12">cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15</li><li class="vs12">cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15</li><li class="vs12">cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66</li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l24_8b9f94b4d7b11217f08ec21204b5ce52ea366166"></a>thymeleaf-extras-java8time-3.0.2.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Modern server-side Java template engine for both web and standalone environments</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: 
http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/thymeleaf-extras-java8time-3.0.2.RELEASE.jar<br/><b>MD5:</b> 207b35ccae061d3856980fa170091c15<br/><b>SHA1:</b> 8b9f94b4d7b11217f08ec21204b5ce52ea366166<br/><b>SHA256:</b>154d91a7c996d24dd5f978d429f8222b0dbb50da216ed35c06829527af2c4032</p><h4 id="header71" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content71" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>extras</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>thymeleaf.extras</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>thymeleaf-extras-java8time</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>thymeleaf-extras-java8time</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>extras</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.thymeleaf.extras</td><td>Medium</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.thymeleaf.extras</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>java8time</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The THYMELEAF 
team</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf-extras-java8time</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>thymeleaf-extras-java8time</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>java8time</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>extras</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The THYMELEAF team</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>thymeleaf.extras</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>thymeleaf-extras-java8time</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>thymeleaf-extras-java8time</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>thymeleaf-extras-java8time</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>thymeleaf-extras-java8time</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>extras</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>java8time</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization 
url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>thymeleaf-extras-java8time</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>util</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf-extras-java8time</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>java8time</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>thymeleaf-extras-java8time</td><td>Highest</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>3.0.2.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.0.2.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>3.0.2.RELEASE</td><td>High</td></tr></table></div><h4 id="header72" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content72" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: thymeleaf-extras-java8time-3.0.2.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/thymeleaf-extras-java8time-3.0.2.RELEASE.jar</li><li>MD5: 207b35ccae061d3856980fa170091c15</li><li>SHA1: 8b9f94b4d7b11217f08ec21204b5ce52ea366166</li><li>SHA256: 154d91a7c996d24dd5f978d429f8222b0dbb50da216ed35c06829527af2c4032</li></ul></li></ul></div><h4 id="header73" class="subsectionheader white">Identifiers</h4><div id="content73" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf.extras/thymeleaf-extras-java8time@3.0.2.RELEASE" target="_blank">pkg:maven/org.thymeleaf.extras/thymeleaf-extras-java8time@3.0.2.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection 
notvulnerable"><a name="l25_e006adf5cf3cca2181d16bd640ecb80148ec0fce"></a>javax.transaction-api-1.3.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Project GlassFish Java Transaction API</pre></p><p><b>License:</b><pre class="indent">CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/javax.transaction-api-1.3.jar<br/><b>MD5:</b> 6e9cb1684621821248b6823143ae26c0<br/><b>SHA1:</b> e006adf5cf3cca2181d16bd640ecb80148ec0fce<br/><b>SHA256:</b>603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da</p><h4 id="header74" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content74" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.transaction-api</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>java.transaction</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://jta-spec.java.net</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>GlassFish Community</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>javax.transaction-api</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>transaction</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>GlassFish Community</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>javax.transaction</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>javax.transaction-api</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>${extension.name} API</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.glassfish</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://glassfish.java.net</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.transaction</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>https://glassfish.java.net</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.transaction-api</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>java.transaction</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>javax.transaction-api</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://jta-spec.java.net</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>transaction</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>javax.transaction</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>organization 
url</td><td>https://glassfish.java.net</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>javax.transaction-api</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>${extension.name} API</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>javax.transaction API</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://glassfish.java.net</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>GlassFish Community</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.transaction</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.3</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>1.3</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.3</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.3</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.3</td><td>High</td></tr></table></div><h4 id="header75" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content75" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: javax.transaction-api-1.3.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/javax.transaction-api-1.3.jar</li><li>MD5: 6e9cb1684621821248b6823143ae26c0</li><li>SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce</li><li>SHA256: 603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da</li></ul></li></ul></div><h4 id="header76" class="subsectionheader white">Identifiers</h4><div id="content76" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.transaction/javax.transaction-api@1.3" target="_blank">pkg:maven/javax.transaction/javax.transaction-api@1.3</a> 
(<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l26_35a3dd576bc3ad5832d0a7d7242b3b140095727b"></a>spring-boot-2.1.1.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Spring Boot</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-2.1.1.RELEASE.jar<br/><b>MD5:</b> 060e35ce75f6a0cf2ead0430eba49f42<br/><b>SHA1:</b> 35a3dd576bc3ad5832d0a7d7242b3b140095727b<br/><b>SHA256:</b>8ac4cc87cdaeaa699e0489a246d3352601bbcc8422a98edc80a3a466544b70c8</p><h4 id="header77" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content77" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>boot</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Pivotal Software, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring Boot</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>spring-boot-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>boot</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-boot</td><td>High</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.springframework.boot</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>https://spring.io</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-boot</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>spring.boot</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework.boot</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>boot</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring Boot</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>boot</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Pivotal Software, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-boot</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Spring Boot</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.springframework.boot</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-boot</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>spring-boot</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>spring-boot-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>spring.boot</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework.boot</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization 
url</td><td>https://spring.io</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.1.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.1.1.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.1.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header78" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content78" class="subsectioncontent standardsubsection hidden"><ul><li>spring-boot-starter-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-2.1.1.RELEASE.jar</li><li>MD5: 00a21b65a2cb2121431117eec97d6607</li><li>SHA1: 71df6742de72887214813ff03ae0b6ec4bbcf899</li><li>SHA256: 686888a0bb6e0e10c34b7df1e8699036b606f7249a1bb716f5aac45c930615d4</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-2.1.1.RELEASE.jar</li><li>MD5: 060e35ce75f6a0cf2ead0430eba49f42</li><li>SHA1: 35a3dd576bc3ad5832d0a7d7242b3b140095727b</li><li>SHA256: 8ac4cc87cdaeaa699e0489a246d3352601bbcc8422a98edc80a3a466544b70c8</li></ul></li><li>petclinic.war: spring-boot-autoconfigure-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-autoconfigure-2.1.1.RELEASE.jar</li><li>MD5: 3958f1579dab9d028c9431b44529e7ce</li><li>SHA1: b8238b78cefe6d964f996599556af9ac8669a83d</li><li>SHA256: 8a120f079e60e9eb0dd4544487805da3f0da00a039457512164914004b86f45e</li></ul></li><li>spring-boot-starter-logging-2.1.1.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-logging-2.1.1.RELEASE.jar</li><li>MD5: 0db23cdae35928f7f756b7011d0e661a</li><li>SHA1: f0cba1cfbc46eb02a3af3555e1136ef3890a1bbf</li><li>SHA256: 0a00ed99f3f30fc597b1accd66354bfb235778f17c839445aae26ed0c6741ba2</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-logging@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-logging@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-starter-web-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-web-2.1.1.RELEASE.jar</li><li>MD5: db37f50396206d8f3e5e07979b9ae949</li><li>SHA1: fccdac7bbd88561a33868101813d9210bd7a13b9</li><li>SHA256: feb69f7b10eff88f5eeb7fa6c8fcf1e29bbe31805f49ced6a1b484d7bbf63995</li></ul></li><li>spring-boot-starter-actuator-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-actuator-2.1.1.RELEASE.jar</li><li>MD5: d57f453bfa11331b46ee1c8bf9d40ab9</li><li>SHA1: 065b5ee49303dc91c140760fa2baa06be5199387</li><li>SHA256: fbf729198b0aac226e4226451a412894798971301256d36d1bee9f80cc1774f3</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-starter-thymeleaf-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-thymeleaf-2.1.1.RELEASE.jar</li><li>MD5: a0daa7a8d6d70d2180b6155b177950bd</li><li>SHA1: 16f0928673f4d5e45b9998a5688db2f93758a963</li><li>SHA256: c62952fb3af1cb0cf50c6d85fe1f4d7648b70ad577d9ffa45704a1840d08a382</li></ul></li><li>petclinic.war: spring-boot-starter-actuator-2.1.1.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-actuator-2.1.1.RELEASE.jar</li><li>MD5: d57f453bfa11331b46ee1c8bf9d40ab9</li><li>SHA1: 065b5ee49303dc91c140760fa2baa06be5199387</li><li>SHA256: fbf729198b0aac226e4226451a412894798971301256d36d1bee9f80cc1774f3</li></ul></li><li>spring-boot-starter-data-jpa-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-data-jpa-2.1.1.RELEASE.jar</li><li>MD5: 85d0f451994e7659c5aae733abc9ca71</li><li>SHA1: 4ebdf1cad10e8596f778850a0fc9e8c6b9fd6dc5</li><li>SHA256: ce291415b8de980c474dde89d263fe9c4681eec7da47dcc3742890b4f957442d</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-starter-cache-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-cache-2.1.1.RELEASE.jar</li><li>MD5: 8de58fc1e3a3029a14bfbd3289d5caa2</li><li>SHA1: 3409e912b823d3b3d9829c7064e3f070d5a74842</li><li>SHA256: a2f0dc25b5d88a7320ba9b821a3f7fd08d4525e91f67820b395085da9f8c9105</li></ul></li><li>spring-boot-starter-thymeleaf-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-thymeleaf-2.1.1.RELEASE.jar</li><li>MD5: a0daa7a8d6d70d2180b6155b177950bd</li><li>SHA1: 16f0928673f4d5e45b9998a5688db2f93758a963</li><li>SHA256: c62952fb3af1cb0cf50c6d85fe1f4d7648b70ad577d9ffa45704a1840d08a382</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-thymeleaf@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-thymeleaf@2.1.1.RELEASE</a></li></ul></li><li>spring-boot-starter-aop-2.1.1.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-aop-2.1.1.RELEASE.jar</li><li>MD5: 718e20069a4329a76748237eb6f3d2e5</li><li>SHA1: 2a21823a30c590f384041353b0dec09a824446c6</li><li>SHA256: 74366bb4eb41da47035f2741b67c2963f9c4eabf9f30d40e17b5deceabb5ed33</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-aop@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-aop@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-actuator-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-actuator-2.1.1.RELEASE.jar</li><li>MD5: 942122672aeeb977ee03a06ee9294fda</li><li>SHA1: 10fc3b2d5b65bb490c0bf96aa2c016c343cd89ac</li><li>SHA256: 1f46eae9e81e3c5677c5e3bd66a6013018ba7d1596d7222e64e87b27c651e60a</li></ul></li><li>spring-boot-actuator-autoconfigure-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-actuator-autoconfigure-2.1.1.RELEASE.jar</li><li>MD5: 8b883b8ed0a2530584b616bf066d1acb</li><li>SHA1: b1dee8c53471db2b6af1a55c1d8db32b3811ea0d</li><li>SHA256: ea5930feb4da67d15963cf7ad9037e6c0abdd87df8762bd69263255b312d5e80</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.1.1.RELEASE</a></li></ul></li><li>petclinic.war: spring-boot-starter-aop-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-aop-2.1.1.RELEASE.jar</li><li>MD5: 718e20069a4329a76748237eb6f3d2e5</li><li>SHA1: 2a21823a30c590f384041353b0dec09a824446c6</li><li>SHA256: 74366bb4eb41da47035f2741b67c2963f9c4eabf9f30d40e17b5deceabb5ed33</li></ul></li><li>petclinic.war: spring-boot-starter-logging-2.1.1.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-logging-2.1.1.RELEASE.jar</li><li>MD5: 0db23cdae35928f7f756b7011d0e661a</li><li>SHA1: f0cba1cfbc46eb02a3af3555e1136ef3890a1bbf</li><li>SHA256: 0a00ed99f3f30fc597b1accd66354bfb235778f17c839445aae26ed0c6741ba2</li></ul></li><li>spring-boot-starter-jdbc-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-jdbc-2.1.1.RELEASE.jar</li><li>MD5: 4043b6cf5445bb854b881665d6788cfd</li><li>SHA1: 4574a8388a721ed62bb80cd791ef3abcba835fba</li><li>SHA256: f22ce5bbab519ed9c35a51f3b9ce4b21b9bcf13db7a0d24605d5cf1ea311668c</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>petclinic.war: spring-boot-actuator-autoconfigure-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-actuator-autoconfigure-2.1.1.RELEASE.jar</li><li>MD5: 8b883b8ed0a2530584b616bf066d1acb</li><li>SHA1: b1dee8c53471db2b6af1a55c1d8db32b3811ea0d</li><li>SHA256: ea5930feb4da67d15963cf7ad9037e6c0abdd87df8762bd69263255b312d5e80</li></ul></li><li>spring-boot-starter-cache-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-cache-2.1.1.RELEASE.jar</li><li>MD5: 8de58fc1e3a3029a14bfbd3289d5caa2</li><li>SHA1: 3409e912b823d3b3d9829c7064e3f070d5a74842</li><li>SHA256: a2f0dc25b5d88a7320ba9b821a3f7fd08d4525e91f67820b395085da9f8c9105</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>spring-boot-autoconfigure-2.1.1.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-autoconfigure-2.1.1.RELEASE.jar</li><li>MD5: 3958f1579dab9d028c9431b44529e7ce</li><li>SHA1: b8238b78cefe6d964f996599556af9ac8669a83d</li><li>SHA256: 8a120f079e60e9eb0dd4544487805da3f0da00a039457512164914004b86f45e</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>spring-boot-actuator-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-actuator-2.1.1.RELEASE.jar</li><li>MD5: 942122672aeeb977ee03a06ee9294fda</li><li>SHA1: 10fc3b2d5b65bb490c0bf96aa2c016c343cd89ac</li><li>SHA256: 1f46eae9e81e3c5677c5e3bd66a6013018ba7d1596d7222e64e87b27c651e60a</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>spring-boot-starter-web-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-web-2.1.1.RELEASE.jar</li><li>MD5: db37f50396206d8f3e5e07979b9ae949</li><li>SHA1: fccdac7bbd88561a33868101813d9210bd7a13b9</li><li>SHA256: feb69f7b10eff88f5eeb7fa6c8fcf1e29bbe31805f49ced6a1b484d7bbf63995</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>petclinic.war: spring-boot-starter-jdbc-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-jdbc-2.1.1.RELEASE.jar</li><li>MD5: 4043b6cf5445bb854b881665d6788cfd</li><li>SHA1: 4574a8388a721ed62bb80cd791ef3abcba835fba</li><li>SHA256: 
f22ce5bbab519ed9c35a51f3b9ce4b21b9bcf13db7a0d24605d5cf1ea311668c</li></ul></li><li>spring-boot-starter-json-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-boot-starter-json-2.1.1.RELEASE.jar</li><li>MD5: f681bb8db595fbf6db274680e3431ccf</li><li>SHA1: 5fc133c1c1858020dd8df5192eaeea747c8b6e60</li><li>SHA256: 4b2a7f44e8e8d7527be768d0ca34242effd3cf0bfeb04cd5ec7571fb867b137e</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a></li></ul></li><li>petclinic.war: spring-boot-starter-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-2.1.1.RELEASE.jar</li><li>MD5: 00a21b65a2cb2121431117eec97d6607</li><li>SHA1: 71df6742de72887214813ff03ae0b6ec4bbcf899</li><li>SHA256: 686888a0bb6e0e10c34b7df1e8699036b606f7249a1bb716f5aac45c930615d4</li></ul></li><li>petclinic.war: spring-boot-starter-json-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-json-2.1.1.RELEASE.jar</li><li>MD5: f681bb8db595fbf6db274680e3431ccf</li><li>SHA1: 5fc133c1c1858020dd8df5192eaeea747c8b6e60</li><li>SHA256: 4b2a7f44e8e8d7527be768d0ca34242effd3cf0bfeb04cd5ec7571fb867b137e</li></ul></li><li>petclinic.war: spring-boot-starter-data-jpa-2.1.1.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-boot-starter-data-jpa-2.1.1.RELEASE.jar</li><li>MD5: 85d0f451994e7659c5aae733abc9ca71</li><li>SHA1: 4ebdf1cad10e8596f778850a0fc9e8c6b9fd6dc5</li><li>SHA256: ce291415b8de980c474dde89d263fe9c4681eec7da47dcc3742890b4f957442d</li></ul></li></ul></div><h4 id="header79" class="subsectionheader white">Identifiers</h4><div id="content79" class="subsectioncontent standardsubsection"><ul><li><a 
href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/[email protected]" target="_blank">pkg:maven/org.springframework.boot/[email protected]</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_boot&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_boot%3A2.1.1" target="_blank">cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*</a> (<i>Confidence</i>:High) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('spring-boot-2.1.1.RELEASE.jar', '35a3dd576bc3ad5832d0a7d7242b3b140095727b', 'pkg:maven\/org.springframework.boot\/[email protected]', 'cpe', 'cpe:\/a:pivotal_software:spring_boot')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l27_b95cf0c3dae022898b5f1c652e087c68e89dab6c"></a>spring-data-commons-2.1.3.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/spring-data-commons-2.1.3.RELEASE.jar<br/><b>MD5:</b> 400598cf98ee04eecdfbbf876f678aa8<br/><b>SHA1:</b> b95cf0c3dae022898b5f1c652e087c68e89dab6c<br/><b>SHA256:</b>b776b00d817061580c2e39f72a2a24aa0c5a28edab91e80f0786b5c5fddd6063</p><h4 id="header80" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content80" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>spring.data.commons</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring Data Core</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework.data</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-data-commons</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>spring-data-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>data</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.springframework.data.build</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-data-commons</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>spring.data.commons</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-data-commons</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring Data Core</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework.data</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>spring-data-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Spring Data Core</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
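name</td><td>data</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.springframework.data.build</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-data-commons</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.3.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.3.RELEASE</td><td>High</td></tr></table></div><h4 id="header81" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content81" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: spring-data-commons-2.1.3.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/spring-data-commons-2.1.3.RELEASE.jar</li><li>MD5: 400598cf98ee04eecdfbbf876f678aa8</li><li>SHA1: b95cf0c3dae022898b5f1c652e087c68e89dab6c</li><li>SHA256: b776b00d817061580c2e39f72a2a24aa0c5a28edab91e80f0786b5c5fddd6063</li></ul></li></ul></div><h4 id="header82" class="subsectionheader white">Identifiers</h4><div id="content82" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.data/spring-data-commons@2.1.3.RELEASE" target="_blank" rel="noopener noreferrer">pkg:maven/org.springframework.data/spring-data-commons@2.1.3.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div>
<!--
  prettify.js: the Evidence table below has no rows and Identifiers is "None", so the scanner had
  nothing to match against vulnerability data. The "notvulnerable" styling therefore means
  "no match found", not "checked and clean". The file path is under
  target/site/jacoco/jacoco-resources, which looks like generated JaCoCo report output rather than
  a library shipped in WEB-INF/lib; confirm that, then either exclude build output from the scan
  or review this script by hand.
  The spring-data-commons purl above was restored from the artifact name and version shown in its
  own section; the page capture had replaced it with an e-mail placeholder.
-->
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l28_7b53b64816f5eda1b77f8a2830bdb828f8318a90"></a>prettify.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/site/jacoco/jacoco-resources/prettify.js<br/><b>MD5:</b> ca542347ebfb8350ece6bbc956c219a4<br/><b>SHA1:</b> 7b53b64816f5eda1b77f8a2830bdb828f8318a90<br/><b>SHA256:</b>36d605c47018e0360ee889093d97f8976676a48792c8aca09599a04c79ed2cdd</p><h4 id="header83" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content83" 
class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header84" class="subsectionheader white">Identifiers</h4><div id="content84" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l29_85262acf3ca9816f9537ca47d5adeabaead7cb16"></a>javax.activation-api-1.2.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>JavaBeans Activation Framework API jar</pre></p><p><b>License:</b><pre class="indent">https://github.com/javaee/activation/blob/master/LICENSE.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/javax.activation-api-1.2.0.jar<br/><b>MD5:</b> 5e50e56bcf4a3ef3bc758f69f7643c3b<br/><b>SHA1:</b> 85262acf3ca9816f9537ca47d5adeabaead7cb16<br/><b>SHA256:</b>43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393</p><h4 id="header85" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content85" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.activation-api</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest (hint)</td><td>specification-vendor</td><td>sun</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 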
name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>activation</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_141 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>com.sun.activation</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>all</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>javax.activation</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JavaBeans Activation Framework API jar</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.oracle.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.activation</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest (hint)</td><td>Implementation-Vendor</td><td>sun</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>java.activation</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.sun</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>javax.activation-api</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Oracle</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>javax.activation-api</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.activation-api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>all</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>JavaBeans Activation Framework API 
jar</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>activation</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_141 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>com.sun.activation</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>javax.activation</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JavaBeans Activation Framework API jar</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.oracle.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.activation</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>javax.activation-api</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>java.activation</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>javax.activation.javax.activation-api</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>javax.activation.javax.activation-api</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>javax.activation-api</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.2.0</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.2.0</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.2.0</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.2.0</td><td>High</td></tr></table></div><h4 id="header86" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content86" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: javax.activation-api-1.2.0.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/javax.activation-api-1.2.0.jar</li><li>MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b</li><li>SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16</li><li>SHA256: 43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393</li></ul></li></ul></div><h4 id="header87" class="subsectionheader white">Identifiers</h4><div id="content87" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.activation/[email protected]" target="_blank">pkg:maven/javax.activation/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l30_965a18fdf939ee75e41f7918532d37b3a8350535"></a>hibernate-commons-annotations-5.0.4.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Common reflection code used in support of annotation processing</pre></p><p><b>License:</b><pre class="indent">GNU Lesser General Public License v2.1 or later: http://www.gnu.org/licenses/lgpl-2.1.html</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/hibernate-commons-annotations-5.0.4.Final.jar<br/><b>MD5:</b> 1b78fde0083b0fc394eb1e491df3308c<br/><b>SHA1:</b> 965a18fdf939ee75e41f7918532d37b3a8350535<br/><b>SHA256:</b>b509d514d33265c0e8d872a3bf93df9da1c4d8760bdeec274b73c3310976c4f8</p><h4 id="header88" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content88" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.commons.annotations</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>annotations</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.hibernate.common</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://hibernate.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://hibernate.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Hibernate.org</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>annotations</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>hibernate-commons-annotations</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Hibernate.org</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.hibernate</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>common</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>common</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.common.hibernate-commons-annotations</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Hibernate Commons Annotations</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>hibernate</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>hibernate-commons-annotations</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>hibernate.common</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>hibernate-commons-annotations</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.commons.annotations</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>annotations</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>hibernate-commons-annotations</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://hibernate.org</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>annotations</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>reflection</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>common</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>common</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>hibernate-commons-annotations</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.common.hibernate-commons-annotations</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Hibernate Commons 
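Annotations</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>hibernate-commons-annotations</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>hibernate.common</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Hibernate.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://hibernate.org</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>5.0.4.Final</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>5.0.4.Final</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>5.0.4.Final</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>5.0.4.Final</td><td>Highest</td></tr></table></div><h4 id="header89" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content89" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: hibernate-commons-annotations-5.0.4.Final.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/hibernate-commons-annotations-5.0.4.Final.jar</li><li>MD5: 1b78fde0083b0fc394eb1e491df3308c</li><li>SHA1: 965a18fdf939ee75e41f7918532d37b3a8350535</li><li>SHA256: b509d514d33265c0e8d872a3bf93df9da1c4d8760bdeec274b73c3310976c4f8</li></ul></li></ul></div><h4 id="header90" class="subsectionheader white">Identifiers</h4><div id="content90" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.4.Final" target="_blank" rel="noopener noreferrer">pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.4.Final</a> (<i>Confidence</i>:High)</li></ul></div></div>
<!--
  Finding in this section: jquery-ui-1.11.4.jar (WebJar org.webjars/jquery-ui, version 1.11.4) is
  matched to cpe:2.3:a:jquery:jquery_ui:1.11.4 and reported for CVE-2016-7103 (CWE-79, cross-site
  scripting through the closeText parameter of the dialog function). The report lists the affected
  range as "versions up to (excluding) 1.12.0", so the remediation is to move the WebJar to 1.12.0
  or later and rebuild. The same jar, with identical hashes, is also packaged in petclinic.war
  (see Related Dependencies).
  Triage notes:
  * Exposure depends on whether the application passes untrusted data to closeText; confirm this
    before accepting or suppressing the finding. The "suppress" buttons generate suppression XML
    and are called with this file's SHA1; they record a decision and do not change the risk.
  * The CVSSv2 vector printed below (C:N/I:N/A:N) is not consistent with the 4.3 base score shown
    next to it, while the CVSSv3 vector lists C:L/I:L. Treat the v2 vector as a possible rendering
    problem and check the NVD entry before using it for prioritisation.
  * The FEDORA reference URL still contains an "[email protected]" placeholder left by the page
    capture; take the working link from the NVD entry.
  * The purl identifiers in this span were restored from the artifact names and versions shown in
    their own sections, and links that open a new tab carry rel="noopener noreferrer".
-->
<h3 class="subsectionheader standardsubsection"><a name="l31_6cfa91035974bf658079f1e92e9c6f9878af0eb3"></a>jquery-ui-1.11.4.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>WebJar for jQuery 
UI</pre></p><p><b>License:</b><pre class="indent">MIT License: https://github.com/jquery/jquery-ui/blob/master/MIT-LICENSE.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-ui-1.11.4.jar<br/><b>MD5:</b> 8137524c07320f6c4863f2dfab9008ea<br/><b>SHA1:</b> 6cfa91035974bf658079f1e92e9c6f9878af0eb3<br/><b>SHA256:</b>3c932cfd6ddb3ff3e3a4edfb5180e4d803d875746cf46b9153f3b443572f97a6</p><h4 id="header91" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content91" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jquery-ui</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jquery-ui</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jQuery UI</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jquery-ui</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jQuery UI</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jquery-ui</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.11.4</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.11.4</td><td>High</td></tr></table></div><h4 id="header92" class="subsectionheader expandable expandablesubsection 
white">Related Dependencies</h4><div id="content92" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jquery-ui-1.11.4.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-ui-1.11.4.jar</li><li>MD5: 8137524c07320f6c4863f2dfab9008ea</li><li>SHA1: 6cfa91035974bf658079f1e92e9c6f9878af0eb3</li><li>SHA256: 3c932cfd6ddb3ff3e3a4edfb5180e4d803d875746cf46b9153f3b443572f97a6</li></ul></li></ul></div><h4 id="header93" class="subsectionheader white">Identifiers</h4><div id="content93" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/jquery-ui@1.11.4" target="_blank" rel="noopener noreferrer">pkg:maven/org.webjars/jquery-ui@1.11.4</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajquery&cpe_product=cpe%3A%2F%3Ajquery%3Ajquery_ui&cpe_version=cpe%3A%2F%3Ajquery%3Ajquery_ui%3A1.11.4" target="_blank" rel="noopener noreferrer">cpe:2.3:a:jquery:jquery_ui:1.11.4:*:*:*:*:*:*:*</a> (<i>Confidence</i>:High) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('jquery-ui-1.11.4.jar', '6cfa91035974bf658079f1e92e9c6f9878af0eb3', 'pkg:maven\/org.webjars\/jquery-ui@1.11.4', 'cpe', 'cpe:\/a:jquery:jquery_ui')">suppress</button></li></ul></div><h4 id="header94" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content94" class="subsectioncontent standardsubsection"><p><b><a target="_blank" rel="noopener noreferrer" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103">CVE-2016-7103</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('jquery-ui-1.11.4.jar', '6cfa91035974bf658079f1e92e9c6f9878af0eb3', 'pkg:maven\/org.webjars\/jquery-ui@1.11.4', 'cve', 'CVE-2016-7103')">suppress</button></p><p><pre>Cross-site 
scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" rel="noopener noreferrer" href="http://www.securityfocus.com/bid/104823">104823</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="https://github.com/jquery/api.jqueryui.com/issues/281">https://github.com/jquery/api.jqueryui.com/issues/281</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6">https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="https://jqueryui.com/changelog/1.12.0/">https://jqueryui.com/changelog/1.12.0/</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="https://security.netapp.com/advisory/ntap-20190416-0007/">https://security.netapp.com/advisory/ntap-20190416-0007/</a></li><li>CONFIRM - <a target="_blank" rel="noopener noreferrer" href="https://www.tenable.com/security/tns-2016-19">https://www.tenable.com/security/tns-2016-19</a></li><li>FEDORA - <a target="_blank" rel="noopener noreferrer" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/">FEDORA-2019-a96124345a</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://nodesecurity.io/advisories/127">https://nodesecurity.io/advisories/127</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" 
href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" rel="noopener noreferrer" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>MLIST - <a target="_blank" rel="noopener noreferrer" href="https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E">[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire 
js</a></li><li>OSSINDEX - <a target="_blank" rel="noopener noreferrer" href="https://ossindex.sonatype.org/vuln/762dfcfb-790c-4c7e-9ef9-ec6aaf55b963">[CVE-2016-7103] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li><li>REDHAT - <a target="_blank" rel="noopener noreferrer" href="http://rhn.redhat.com/errata/RHSA-2016-2932.html">RHSA-2016:2932</a></li><li>REDHAT - <a target="_blank" rel="noopener noreferrer" href="http://rhn.redhat.com/errata/RHSA-2016-2933.html">RHSA-2016:2933</a></li><li>REDHAT - <a target="_blank" rel="noopener noreferrer" href="http://rhn.redhat.com/errata/RHSA-2017-0161.html">RHSA-2017:0161</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs13"><a target="_blank" rel="noopener noreferrer" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Ajquery%3Ajquery_ui">cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l32_af4232bf90ecd33c71147d67185dbb1cfe8f33df"></a>hibernate-validator-6.0.13.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Hibernate's Bean Validation (JSR-380) reference implementation.</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/hibernate-validator-6.0.13.Final.jar<br/><b>MD5:</b> 5aeb763eed9acf9afffa861e541c2e24<br/><b>SHA1:</b> af4232bf90ecd33c71147d67185dbb1cfe8f33df<br/><b>SHA256:</b>62e11d55188d97ea7e044fc6bf24da261e5c6b13ab971b758f8578afbb3de965</p><h4 id="header95" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content95" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" 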
style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.validator.hibernate-validator</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org/validator/</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.hibernate.validator</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>engine</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Hibernate Validator Engine</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>org.hibernate.validator</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>hibernate.validator</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>hibernate-validator-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>validator</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.hibernate.validator</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>hibernate-validator</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>hibernate-validator</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.validator</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hibernate.validator.hibernate-validator</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Bean 
Validation</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://hibernate.org/validator/</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.hibernate.validator</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>engine</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>hibernate-validator-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Hibernate Validator Engine</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>hibernate-validator</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>hibernate.validator</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>hibernate</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>validator</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>hibernate-validator</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Hibernate Validator Engine</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>hibernate-validator</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.hibernate.validator</td><td>Medium</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>6.0.13.Final</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>6.0.13.Final</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>6.0.13.Final</td><td>High</td></tr></table></div><h4 id="header96" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content96" class="subsectioncontent standardsubsection 
hidden"><ul><li>petclinic.war: hibernate-validator-6.0.13.Final.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/hibernate-validator-6.0.13.Final.jar</li><li>MD5: 5aeb763eed9acf9afffa861e541c2e24</li><li>SHA1: af4232bf90ecd33c71147d67185dbb1cfe8f33df</li><li>SHA256: 62e11d55188d97ea7e044fc6bf24da261e5c6b13ab971b758f8578afbb3de965</li></ul></li></ul></div><h4 id="header97" class="subsectionheader white">Identifiers</h4><div id="content97" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hibernate.validator/hibernate-validator@6.0.13.Final" target="_blank">pkg:maven/org.hibernate.validator/hibernate-validator@6.0.13.Final</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ahibernate&cpe_product=cpe%3A%2F%3Ahibernate%3Ahibernate-validator&cpe_version=cpe%3A%2F%3Ahibernate%3Ahibernate-validator%3A6.0.13" target="_blank">cpe:2.3:a:hibernate:hibernate-validator:6.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('hibernate-validator-6.0.13.Final.jar', 'af4232bf90ecd33c71147d67185dbb1cfe8f33df', 'pkg:maven\/org.hibernate.validator\/hibernate-validator@6.0.13.Final', 'cpe', 'cpe:\/a:hibernate:hibernate-validator')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l33_da76ca59f6a57ee3102f8f9bd9cee742973efa8a"></a>slf4j-api-1.7.25.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The slf4j API</pre></p><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/slf4j-api-1.7.25.jar<br/><b>MD5:</b> caafe376afb7086dcbee79f780394ca3<br/><b>SHA1:</b>
da76ca59f6a57ee3102f8f9bd9cee742973efa8a<br/><b>SHA256:</b>18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79</p><h4 id="header98" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content98" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>slf4j-api</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>slf4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>slf4j-api</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>slf4j.api</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>slf4j-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.slf4j</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>slf4j</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>SLF4J API Module</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.slf4j.org</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>slf4j</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>slf4j-api</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>slf4j-api</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>J2SE-1.5</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>slf4j-api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>SLF4J API Module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.slf4j.org</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>slf4j.api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.slf4j</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>slf4j</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>slf4j-api</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>slf4j-parent</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.7.25</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.7.25</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.7.25</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.7.25</td><td>High</td></tr></table></div><h4 id="header99" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content99" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: slf4j-api-1.7.25.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/slf4j-api-1.7.25.jar</li><li>MD5: caafe376afb7086dcbee79f780394ca3</li><li>SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a</li><li>SHA256: 
18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79</li></ul></li></ul></div><h4 id="header100" class="subsectionheader white">Identifiers</h4><div id="content100" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.25" target="_blank">pkg:maven/org.slf4j/slf4j-api@1.7.25</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l34_de7bf0adf13b5e9c4811f95edf18279da193c0c6"></a>thymeleaf-spring5-3.0.11.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Modern server-side Java template engine for both web and standalone environments</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/thymeleaf-spring5-3.0.11.RELEASE.jar<br/><b>MD5:</b> 1bdc874e083d38ce3f8dca1e94d4a411<br/><b>SHA1:</b> de7bf0adf13b5e9c4811f95edf18279da193c0c6<br/><b>SHA256:</b>c2effd0f4a27419a83bed98f08aab913d00dfa66255768f11821f48867789d73</p><h4 id="header101" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content101" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>thymeleaf-spring5</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package
name</td><td>thymeleaf</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>thymeleaf-spring5</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf.spring5</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The THYMELEAF team</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>spring5</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The THYMELEAF team</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.thymeleaf</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>spring5</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>thymeleaf-spring5</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The THYMELEAF 
team</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>thymeleaf-spring5</td><td>High</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>thymeleaf-spring5</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.thymeleaf.org</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>thymeleaf-spring5</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>thymeleaf.spring5</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>thymeleaf-spring5</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.thymeleaf.org</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>spring5</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>thymeleaf</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>thymeleaf-spring5</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>spring5</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>thymeleaf-spring5</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>3.0.11.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>3.0.11.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.0.11.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header102" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content102" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: thymeleaf-spring5-3.0.11.RELEASE.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/thymeleaf-spring5-3.0.11.RELEASE.jar</li><li>MD5: 1bdc874e083d38ce3f8dca1e94d4a411</li><li>SHA1: de7bf0adf13b5e9c4811f95edf18279da193c0c6</li><li>SHA256: c2effd0f4a27419a83bed98f08aab913d00dfa66255768f11821f48867789d73</li></ul></li></ul></div><h4 id="header103" class="subsectionheader white">Identifiers</h4><div id="content103" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.thymeleaf/thymeleaf-spring5@3.0.11.RELEASE" target="_blank">pkg:maven/org.thymeleaf/thymeleaf-spring5@3.0.11.RELEASE</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l35_864344400c3d4d92dfeb0a305dc87d953677c03c"></a>logback-core-1.2.3.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>logback-core module</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html">http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/logback-core-1.2.3.jar<br/><b>MD5:</b> 841fc80c6edff60d947a3872a2db4d45<br/><b>SHA1:</b> 864344400c3d4d92dfeb0a305dc87d953677c03c<br/><b>SHA256:</b>5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22</p><h4 id="header104" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content104" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left"
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>logback-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>JavaSE-1.6</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Logback Core Module</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>qos</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>logback-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>logback</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>ch.qos.logback.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>logback-core</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ch</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ch.qos.logback</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.qos.ch</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>Apache Maven Bundle Plugin</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>logback-parent</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>logback-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Logback Core 
Module</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-requiredexecutionenvironment</td><td>JavaSE-1.6</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Logback Core Module</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>qos</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>logback</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>ch.qos.logback.core</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ch</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ch.qos.logback</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>logback-core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.qos.ch</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>Apache Maven Bundle Plugin</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.2.3</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.2.3</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.2.3</td><td>High</td></tr></table></div><h4 id="header105" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content105" class="subsectioncontent standardsubsection hidden"><ul><li>logback-classic-1.2.3.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/logback-classic-1.2.3.jar</li><li>MD5: 64f7a68f931aed8e5ad8243470440f0b</li><li>SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a</li><li>SHA256: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/[email protected]" target="_blank">pkg:maven/ch.qos.logback/[email protected]</a></li></ul></li><li>petclinic.war: 
logback-core-1.2.3.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/logback-core-1.2.3.jar</li><li>MD5: 841fc80c6edff60d947a3872a2db4d45</li><li>SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c</li><li>SHA256: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22</li></ul></li><li>petclinic.war: logback-classic-1.2.3.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/logback-classic-1.2.3.jar</li><li>MD5: 64f7a68f931aed8e5ad8243470440f0b</li><li>SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a</li><li>SHA256: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0</li></ul></li></ul></div><h4 id="header106" class="subsectionheader white">Identifiers</h4><div id="content106" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.3" target="_blank">pkg:maven/ch.qos.logback/logback-core@1.2.3</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Alogback&cpe_product=cpe%3A%2F%3Alogback%3Alogback&cpe_version=cpe%3A%2F%3Alogback%3Alogback%3A1.2.3" target="_blank">cpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('logback-core-1.2.3.jar', '864344400c3d4d92dfeb0a305dc87d953677c03c', 'pkg:maven\/ch.qos.logback\/logback-core@1.2.3', 'cpe', 'cpe:\/a:logback:logback')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l36_87e90bbd44accfb331783ac30dac2d166c41ba6d"></a>webjars-locator-core-0.35.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>WebJar Locator Core functionality</pre></p><p><b>License:</b><pre class="indent">MIT:
https://github.com/webjars/webjars-locator-core/blob/master/LICENSE.md</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/webjars-locator-core-0.35.jar<br/><b>MD5:</b> 138ac8f027ad83339ae87d2beb91ac2a<br/><b>SHA1:</b> 87e90bbd44accfb331783ac30dac2d166c41ba6d<br/><b>SHA256:</b>6c189b2be77637fc5ac1eaf1101ade6cbafa5c692f8c2e013c6d9060459258ea</p><h4 id="header107" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content107" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>webjars-locator-core</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>webjars-locator-core</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>webjars-locator-core</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>webjars</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>webjars</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>webjars-locator-core</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>webjars-locator-core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>webjars</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>webjars</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://webjars.org</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>webjars-locator-core</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.35</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>0.35</td><td>High</td></tr></table></div><h4 id="header108" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content108" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: webjars-locator-core-0.35.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/webjars-locator-core-0.35.jar</li><li>MD5: 138ac8f027ad83339ae87d2beb91ac2a</li><li>SHA1: 87e90bbd44accfb331783ac30dac2d166c41ba6d</li><li>SHA256: 6c189b2be77637fc5ac1eaf1101ade6cbafa5c692f8c2e013c6d9060459258ea</li></ul></li></ul></div><h4 id="header109" class="subsectionheader white">Identifiers</h4><div id="content109" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.webjars/webjars-locator-core@0.35" target="_blank">pkg:maven/org.webjars/webjars-locator-core@0.35</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l37_4b7f0e0dc527fab032e9800ed231080fdc3ac015"></a>jackson-core-2.9.7.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Core Jackson processing abstractions (aka Streaming API), implementation for JSON</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-core-2.9.7.jar<br/><b>MD5:</b> ae90e61fef491afefbc9c225b6497753<br/><b>SHA1:</b>
4b7f0e0dc527fab032e9800ed231080fdc3ac015<br/><b>SHA256:</b>9e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c84</p><h4 id="header110" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content110" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-core</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>json</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jackson-core</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>base</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Jackson-core</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>FasterXML/jackson-core</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>FasterXML</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jackson-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.jackson.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jackson-base</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://github.com/FasterXML/jackson-core</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build-date</td><td>2018-09-19 02:41:39+0000</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.fasterxml.jackson.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>FasterXML</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Jackson-core</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-core</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>FasterXML/jackson-core</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>json</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>base</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Jackson-core</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Jackson-core</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Jackson-core</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jackson-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.jackson.core</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jackson-base</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://github.com/FasterXML/jackson-core</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build-date</td><td>2018-09-19 02:41:39+0000</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>filter</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jackson-core</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.9.7</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.9.7</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.9.7</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.9.7</td><td>High</td></tr></table></div><h4 id="header111" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content111" class="subsectioncontent standardsubsection hidden"><ul><li>jackson-datatype-jsr310-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-datatype-jsr310-2.9.7.jar</li><li>MD5: 54458f8367bd111103c7cd0fdc34aed3</li><li>SHA1: cbd919f1ce67533e07b98dd493247e8dbabc26b2</li><li>SHA256: 231ca383e0f71d5e372ad0aa5165e1a9767a0ce28ec3e6f5992b2b394aa3abd4</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.datatype/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.datatype/[email protected]</a></li></ul></li><li>petclinic.war: jackson-module-parameter-names-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-module-parameter-names-2.9.7.jar</li><li>MD5: d53815c464671eb7b6d537f0499da619</li><li>SHA1: f2bdd7696beffa2dbc5dc62cd24c3906a40ffcff</li><li>SHA256: 3e2e224238d923b5396599a6ce753a74cebf69b17c0af1f0448a59f8a03c4bc2</li></ul></li><li>petclinic.war: jackson-core-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-core-2.9.7.jar</li><li>MD5: ae90e61fef491afefbc9c225b6497753</li><li>SHA1: 4b7f0e0dc527fab032e9800ed231080fdc3ac015</li><li>SHA256: 
9e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c84</li></ul></li><li>petclinic.war: jackson-datatype-jsr310-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-datatype-jsr310-2.9.7.jar</li><li>MD5: 54458f8367bd111103c7cd0fdc34aed3</li><li>SHA1: cbd919f1ce67533e07b98dd493247e8dbabc26b2</li><li>SHA256: 231ca383e0f71d5e372ad0aa5165e1a9767a0ce28ec3e6f5992b2b394aa3abd4</li></ul></li><li>jackson-module-parameter-names-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-module-parameter-names-2.9.7.jar</li><li>MD5: d53815c464671eb7b6d537f0499da619</li><li>SHA1: f2bdd7696beffa2dbc5dc62cd24c3906a40ffcff</li><li>SHA256: 3e2e224238d923b5396599a6ce753a74cebf69b17c0af1f0448a59f8a03c4bc2</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.module/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.module/[email protected]</a></li></ul></li><li>petclinic.war: jackson-datatype-jdk8-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-datatype-jdk8-2.9.7.jar</li><li>MD5: 63744a203cc4dbb97ecd4bb66e911255</li><li>SHA1: 98d8f190db07f97c64c0ea3af5792f718a6c2cc1</li><li>SHA256: ec67a3d5e6abc7c7c611dd02ad270bbac0ca9a98b32c6cc821fb011a5863b99e</li></ul></li><li>jackson-datatype-jdk8-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-datatype-jdk8-2.9.7.jar</li><li>MD5: 63744a203cc4dbb97ecd4bb66e911255</li><li>SHA1: 98d8f190db07f97c64c0ea3af5792f718a6c2cc1</li><li>SHA256: ec67a3d5e6abc7c7c611dd02ad270bbac0ca9a98b32c6cc821fb011a5863b99e</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.datatype/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.datatype/[email protected]</a></li></ul></li></ul></div><h4 id="header112" class="subsectionheader 
white">Identifiers</h4><div id="content112" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]" target="_blank">pkg:maven/com.fasterxml.jackson.core/[email protected]</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.7" target="_blank">cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('jackson-core-2.9.7.jar', '4b7f0e0dc527fab032e9800ed231080fdc3ac015', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cpe', 'cpe:\/a:fasterxml:jackson')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l38_7b90360afb2b860e09e8347112800d12c12b2a13"></a>unbescape-1.1.6.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Advanced yet easy-to-use escape/unescape library for Java</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/unbescape-1.1.6.RELEASE.jar<br/><b>MD5:</b> d95ed94e1624e307a1958ee105ccbf39<br/><b>SHA1:</b> 7b90360afb2b860e09e8347112800d12c12b2a13<br/><b>SHA256:</b>597cf87d5b1a4f385b9d1cec974b7b483abb3ee85fc5b3f8b62af8e4bec95c2c</p><h4 id="header113" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content113" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" 
style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.unbescape.org</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>unbescape</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The UNBESCAPE team</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>unbescape</td><td>Highest</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.unbescape</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>unbescape</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>unbescape</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>unbescape</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.unbescape</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>unbescape</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The UNBESCAPE team</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The UNBESCAPE team</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.unbescape.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.unbescape</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.unbescape.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.unbescape.org</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>unbescape</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>unbescape</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.unbescape.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.unbescape.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>unbescape</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>unbescape</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>unbescape</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>unbescape</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>unbescape</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>java</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>unbescape</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>unbescape</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>unbescape</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The UNBESCAPE 
team</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>unbescape</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.unbescape.org</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.unbescape</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.unbescape.org</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.1.6.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.1.6.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.1.6.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>1.1.6.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header114" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content114" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: unbescape-1.1.6.RELEASE.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/unbescape-1.1.6.RELEASE.jar</li><li>MD5: d95ed94e1624e307a1958ee105ccbf39</li><li>SHA1: 7b90360afb2b860e09e8347112800d12c12b2a13</li><li>SHA256: 597cf87d5b1a4f385b9d1cec974b7b483abb3ee85fc5b3f8b62af8e4bec95c2c</li></ul></li></ul></div><h4 id="header115" class="subsectionheader white">Identifiers</h4><div id="content115" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.unbescape/[email protected]" target="_blank">pkg:maven/org.unbescape/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l39_e4631ce165eb400edecfa32e03d3f1be53dee754"></a>HdrHistogram-2.1.9.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
HdrHistogram supports the recording and analysis of sampled data value
counts across a configurable integer value range with configurable value
precision within the range. Value precision is expressed as the number of
significant digits in the value recording, and provides control over value
quantization behavior across the value range and the subsequent value
resolution at any given level.
</pre></p><p><b>License:</b><pre class="indent">Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/HdrHistogram-2.1.9.jar<br/><b>MD5:</b> ee302e5e7489719991aa0ca2dd67febd<br/><b>SHA1:</b> e4631ce165eb400edecfa32e03d3f1be53dee754<br/><b>SHA256:</b>95d40913be28dfd439cefea9170c40898ea84f11f25e6ff8de50339b8a7b5e3e</p><h4 id="header116" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content116" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>hdrhistogram</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://hdrhistogram.github.io/HdrHistogram/</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>hdrhistogram</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>HdrHistogram</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>HdrHistogram</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hdrhistogram.HdrHistogram</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.hdrhistogram</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>HdrHistogram</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>version</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>hdrhistogram</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://hdrhistogram.github.io/HdrHistogram/</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>HdrHistogram</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>HdrHistogram</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>HdrHistogram</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>hdrhistogram</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>HdrHistogram</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>HdrHistogram</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hdrhistogram.HdrHistogram</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>HdrHistogram</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.9</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.1.9</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>versi
on</td><td>2.1.9</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.1.9</td><td>High</td></tr></table></div><h4 id="header117" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content117" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: HdrHistogram-2.1.9.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/HdrHistogram-2.1.9.jar</li><li>MD5: ee302e5e7489719991aa0ca2dd67febd</li><li>SHA1: e4631ce165eb400edecfa32e03d3f1be53dee754</li><li>SHA256: 95d40913be28dfd439cefea9170c40898ea84f11f25e6ff8de50339b8a7b5e3e</li></ul></li></ul></div><h4 id="header118" class="subsectionheader white">Identifiers</h4><div id="content118" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hdrhistogram/[email protected]" target="_blank">pkg:maven/org.hdrhistogram/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l40_8531ad5ac454cc2deb9d4d32c40c4d7451939b5d"></a>jaxb-api-2.3.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>JAXB (JSR 222) API</pre></p><p><b>License:</b><pre class="indent">https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jaxb-api-2.3.1.jar<br/><b>MD5:</b> bcf270d320f645ad19f5edb60091e87f<br/><b>SHA1:</b> 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d<br/><b>SHA256:</b>88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06</p><h4 id="header119" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content119" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" 
style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jaxb-api</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jaxb-api</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build-id</td><td>UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>xml</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Oracle Corporation</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>jaxb-api</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>bind</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.oracle.com/</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jaxb-api-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.glassfish</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>javax.xml.bind</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>jaxb</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.xml.bind</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jaxb-api</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>jaxb-api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jaxb-api-parent</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jaxb-api</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build-id</td><td>UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>xml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>jaxb-api</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>bind</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.oracle.com/</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>multi-release</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>javax.xml.bind</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>jaxb-api</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>jaxb</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.xml.bind</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.3.1</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.3.1</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.3.1</td><td>High</td></tr></table></div><h4 id="header120" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content120" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jaxb-api-2.3.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jaxb-api-2.3.1.jar</li><li>MD5: bcf270d320f645ad19f5edb60091e87f</li><li>SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d</li><li>SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06</li></ul></li></ul></div><h4 id="header121" class="subsectionheader white">Identifiers</h4><div id="content121" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.xml.bind/[email protected]" target="_blank">pkg:maven/javax.xml.bind/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l41_d2502817521477faf0712c49a6ee2a5388787fc7"></a>aspectjweaver-1.9.2.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The AspectJ weaver introduces advices to java classes</pre></p><p><b>License:</b><pre class="indent">Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/aspectjweaver-1.9.2.jar<br/><b>MD5:</b> 04981b83d23c4f69d4b63ade89faa693<br/><b>SHA1:</b> d2502817521477faf0712c49a6ee2a5388787fc7<br/><b>SHA256:</b>b98ad94989052b195150edf1f85db2ee10f33e140d416f19f03c9746da16b691</p><h4 
id="header122" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content122" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>aspectjweaver</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>name</td><td>org/aspectj/weaver/</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>aspectj.org</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>AspectJ weaver</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.aspectj.weaver</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>aspectj</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>aspectj</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>weaver</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.aspectj</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>aspectj</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>weaver</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>aspectj.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>can-redefine-classes</td><td>true</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>aspectjweaver</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.aspectj.org</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>org.aspectj.weaver</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>name</td><td>org/aspectj/weaver/</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>aspectjweaver</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>AspectJ weaver</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.aspectj.weaver</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>aspectj</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>weaver</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>aspectj</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>weaver</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>AspectJ Weaver 
Classes</td><td>Medium</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>aspectjweaver</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>can-redefine-classes</td><td>true</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.aspectj.org</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>aspectjweaver</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.9.2</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>1.9.2</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.9.2</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.9.2</td><td>Highest</td></tr></table></div><h4 id="header123" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content123" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: aspectjweaver-1.9.2.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/aspectjweaver-1.9.2.jar</li><li>MD5: 04981b83d23c4f69d4b63ade89faa693</li><li>SHA1: d2502817521477faf0712c49a6ee2a5388787fc7</li><li>SHA256: b98ad94989052b195150edf1f85db2ee10f33e140d416f19f03c9746da16b691</li></ul></li></ul></div><h4 id="header124" class="subsectionheader white">Identifiers</h4><div id="content124" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.aspectj/[email protected]" target="_blank">pkg:maven/org.aspectj/[email protected]</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l42_7060f67764565b9ee9d467e3ed0cb8a9c601b23a"></a>jandex-2.0.5.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Parent POM for JBoss projects. 
Provides default project build configuration.</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jandex-2.0.5.Final.jar<br/><b>MD5:</b> 8faa3033123cfc8470107d2ae4ebe76d<br/><b>SHA1:</b> 7060f67764565b9ee9d467e3ed0cb8a9c601b23a<br/><b>SHA256:</b>9112a9c33175b8c64b999ecf47b649fdf1cd6fa8262d0677895e976ed2891f0b</p><h4 id="header125" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content125" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>java-vendor</td><td>Oracle Corporation</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jandex</td><td>Highest</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>redhat</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-timestamp</td><td>Wed, 7 Mar 2018 12:02:16 +1100</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>JBoss by Red 
Hat</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jandex</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>os-arch</td><td>x86_64</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.jboss</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jandex</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.jboss.org/jandex</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>jboss</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Java Annotation Indexer</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>os-name</td><td>Mac OS X</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jboss-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jboss.jandex</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.jboss</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jboss</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>indexer</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>JBoss by Red Hat</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jandex</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Java Annotation Indexer</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jandex</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jboss-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>build-timestamp</td><td>Wed, 7 Mar 2018 12:02:16 
+1100</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>os-arch</td><td>x86_64</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jandex</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.jboss.org/jandex</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>jboss</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Java Annotation Indexer</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>os-name</td><td>Mac OS X</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jboss.jandex</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Java Annotation Indexer</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.jboss</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jboss</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>indexer</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Java Annotation Indexer</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>2.0.5.Final</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.0.5.Final</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.0.5.Final</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.0.5.Final</td><td>High</td></tr></table></div><h4 id="header126" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content126" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jandex-2.0.5.Final.jar<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jandex-2.0.5.Final.jar</li><li>MD5: 8faa3033123cfc8470107d2ae4ebe76d</li><li>SHA1: 7060f67764565b9ee9d467e3ed0cb8a9c601b23a</li><li>SHA256: 9112a9c33175b8c64b999ecf47b649fdf1cd6fa8262d0677895e976ed2891f0b</li></ul></li></ul></div><h4 id="header127" class="subsectionheader white">Identifiers</h4><div id="content127" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.jboss/jandex@2.0.5.Final" target="_blank">pkg:maven/org.jboss/jandex@2.0.5.Final</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l43_5f8063266f548b710ce06a090586a625f3d682b9"></a>micrometer-core-1.1.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Application monitoring instrumentation facade</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/micrometer-core-1.1.1.jar<br/><b>MD5:</b> ebbcb12672c10a146579f1833ed32fa8<br/><b>SHA1:</b> 5f8063266f548b710ce06a090586a625f3d682b9<br/><b>SHA256:</b>8411499768b0965aae8752133c2a2933382be732848da4e5dd4099cca01ff186</p><h4 id="header128" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content128" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>built-status</td><td>integration</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>micrometer-core</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>micrometer-core</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>built-os</td><td>Mac OS X</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>module-origin</td><td>micrometer-metrics/micrometer.git</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-number</td><td>LOCAL</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>core</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-job</td><td>LOCAL</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>module-source</td><td>/micrometer-core</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>io</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>module-owner</td><td>[email protected]</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>branch</td><td>1.1.x</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>io.micrometer</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-date</td><td>2018-11-29_15:56:39</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>io.micrometer</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>change</td><td>affa3ac</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>micrometer</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>micrometer-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-host</td><td>Jons-MBP-3</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>micrometer-metrics/micrometer</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>module-email</td><td>[email 
protected]</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>build-number</td><td>LOCAL</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>module-source</td><td>/micrometer-core</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>micrometer-metrics/micrometer</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>io.micrometer#micrometer-core;1.1.1</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>instrument</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>micrometer</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>micrometer-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>module-email</td><td>[email protected]</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>micrometer-core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>built-status</td><td>integration</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>micrometer-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>built-os</td><td>Mac OS X</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>module-origin</td><td>micrometer-metrics/micrometer.git</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>core</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>build-job</td><td>LOCAL</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>micrometer</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>module-owner</td><td>[email protected]</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>io</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>branch</td><td>1.1.x</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>io.micrometer</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>build-date</td><td>2018-11-29_15:56:39</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>change</td><td>affa3ac</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>build-host</td><td>Jons-MBP-3</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>micrometer-core</td><td>Highest</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>1.1.1</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.1.1</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.1.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.1.1</td><td>High</td></tr></table></div><h4 id="header129" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content129" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: micrometer-core-1.1.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/micrometer-core-1.1.1.jar</li><li>MD5: ebbcb12672c10a146579f1833ed32fa8</li><li>SHA1: 5f8063266f548b710ce06a090586a625f3d682b9</li><li>SHA256: 8411499768b0965aae8752133c2a2933382be732848da4e5dd4099cca01ff186</li></ul></li></ul></div><h4 id="header130" class="subsectionheader white">Identifiers</h4><div id="content130" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/io.micrometer/micrometer-core@1.1.1" target="_blank">pkg:maven/io.micrometer/micrometer-core@1.1.1</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a 
name="l44_291658ac2ce2476256c7115943652c0accb5c857"></a>classmate-1.4.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Library for introspecting types with full generic information
including resolving of field and method types.
</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/classmate-1.4.0.jar<br/><b>MD5:</b> 85716d3adddffaaacb5e316be6681bf0<br/><b>SHA1:</b> 291658ac2ce2476256c7115943652c0accb5c857<br/><b>SHA256:</b>2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803</p><h4 id="header131" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content131" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.classmate</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.fasterxml</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>fasterxml.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/java-classmate</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>oss-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>types</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>classmate</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization 
name</td><td>fasterxml.com</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>ClassMate</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>fasterxml.com</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>classmate</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://fasterxml.com</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build-date</td><td>2018-03-28 01:35:30+0000</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>classmate</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.classmate</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/java-classmate</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.classmate</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>types</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>ClassMate</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>ClassMate</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>classmate</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>classmate</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build-date</td><td>2018-03-28 01:35:30+0000</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>classmate</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.classmate</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/java-classmate</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>oss-parent</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>filter</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/java-classmate</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>ClassMate</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://fasterxml.com</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>ClassMate</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>fasterxml.com</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.4.0</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>1.4.0</td><td>Low</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.4.0</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.4.0</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.4.0</td><td>High</td></tr></table></div><h4 id="header132" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content132" class="subsectioncontent 
standardsubsection hidden"><ul><li>petclinic.war: classmate-1.4.0.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/classmate-1.4.0.jar</li><li>MD5: 85716d3adddffaaacb5e316be6681bf0</li><li>SHA1: 291658ac2ce2476256c7115943652c0accb5c857</li><li>SHA256: 2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803</li></ul></li></ul></div><h4 id="header133" class="subsectionheader white">Identifiers</h4><div id="content133" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml/classmate@1.4.0" target="_blank">pkg:maven/com.fasterxml/classmate@1.4.0</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l45_28015319e44ff50a8fee655e725fefc4990abeb1"></a>mysql-connector-java-8.0.13.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>JDBC Type 4 driver for MySQL</pre></p><p><b>License:</b><pre class="indent">The GNU General Public License, v2 with FOSS exception</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/mysql-connector-java-8.0.13.jar<br/><b>MD5:</b> 00d209d2b845dc8821daea70f71ee00b<br/><b>SHA1:</b> 28015319e44ff50a8fee655e725fefc4990abeb1<br/><b>SHA256:</b>e8325549df60b514995bd001aa69a88bd64e271f37e4d4e7c2a6caa951522342</p><h4 id="header134" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content134" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.mysql.cj</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>oracle</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://dev.mysql.com/doc/connector-j/en/</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>mysql</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Oracle Corporation</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>mysql</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>MySQL Connector/J</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>cj</td><td>Low</td></tr><tr><td>Vendor</td><td>hint analyzer (hint)</td><td>vendor</td><td>sun</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://www.oracle.com</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest (hint)</td><td>Implementation-Vendor</td><td>sun</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.mysql</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>cj</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>mysql-connector-java</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Oracle</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>mysql-connector-java</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>mysql</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>mysql</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.mysql.cj</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://dev.mysql.com/doc/connector-j/en/</td><td>Medium</td></tr><tr><td>Product</td><td>hint analyzer</td><td>product</td><td>mysql_connectors</td><td>Highest</td></tr><tr><td>Product</td><td>hint analyzer</td><td>product</td><td>mysql_connector_j</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>mysql</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>mysql-connector-java</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Oracle Corporation's JDBC and XDevAPI Driver for MySQL</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>driver</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>MySQL Connector/J</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jdbc</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>cj</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>JDBC</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>mysql-connector-java</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>MySQL Connector/J</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>cj</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>mysql-connector-java</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>xdevapi</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://www.oracle.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>mysql</td><td>Highest</td></tr><tr><td>Product</td><td>hint analyzer</td><td>product</td><td>mysql_connector/j</td><td>Highest</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>8.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>8.0.13</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>8.0.13</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>8.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>8.0.13</td><td>High</td></tr></table></div><h4 id="header135" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content135" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: mysql-connector-java-8.0.13.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/mysql-connector-java-8.0.13.jar</li><li>MD5: 00d209d2b845dc8821daea70f71ee00b</li><li>SHA1: 28015319e44ff50a8fee655e725fefc4990abeb1</li><li>SHA256: e8325549df60b514995bd001aa69a88bd64e271f37e4d4e7c2a6caa951522342</li></ul></li></ul></div><h4 id="header136" class="subsectionheader white">Identifiers</h4><div id="content136" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@8.0.13" target="_blank">pkg:maven/mysql/mysql-connector-java@8.0.13</a> (<i>Confidence</i>:High)</li><li><a 
href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Amysql&cpe_product=cpe%3A%2F%3Amysql%3Amysql&cpe_version=cpe%3A%2F%3Amysql%3Amysql%3A8.0.13" target="_blank">cpe:2.3:a:mysql:mysql:8.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('mysql-connector-java-8.0.13.jar', '28015319e44ff50a8fee655e725fefc4990abeb1', 'pkg:maven\/mysql\/mysql-connector-java@8.0.13', 'cpe', 'cpe:\/a:mysql:mysql')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aoracle&cpe_product=cpe%3A%2F%3Aoracle%3Aconnector%2Fj&cpe_version=cpe%3A%2F%3Aoracle%3Aconnector%2Fj%3A8.0.13" target="_blank">cpe:2.3:a:oracle:connector\/j:8.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('mysql-connector-java-8.0.13.jar', '28015319e44ff50a8fee655e725fefc4990abeb1', 'pkg:maven\/mysql\/mysql-connector-java@8.0.13', 'cpe', 'cpe:\/a:oracle:connector%2fj')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aoracle&cpe_product=cpe%3A%2F%3Aoracle%3Amysql_connector%2Fj&cpe_version=cpe%3A%2F%3Aoracle%3Amysql_connector%2Fj%3A8.0.13" target="_blank">cpe:2.3:a:oracle:mysql_connector\/j:8.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('mysql-connector-java-8.0.13.jar', '28015319e44ff50a8fee655e725fefc4990abeb1', 'pkg:maven\/mysql\/mysql-connector-java@8.0.13', 'cpe', 'cpe:\/a:oracle:mysql_connector%2fj')">suppress</button></li></ul></div><h4 id="header137" class="subsectionheader expandable 
collaspablesubsection white">Published Vulnerabilities</h4><div id="content137" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2692">CVE-2019-2692</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('mysql-connector-java-8.0.13.jar', '28015319e44ff50a8fee655e725fefc4990abeb1', 'pkg:maven\/mysql\/mysql-connector-java@8.0.13', 'cve', 'CVE-2019-2692')">suppress</button></p><p><pre>Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: LOW (3.5)</li><li>Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.3)</li><li>Vector: /AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107925">107925</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190423-0002/">https://security.netapp.com/advisory/ntap-20190423-0002/</a></li><li>MISC - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs14"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Amysql_connector%252fj">cpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:* versions up to (including) 8.0.15</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection"><a name="l46_e6faad47abd3179666e89068485a1b88a195ceb7"></a>jackson-databind-2.9.7.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>General data-binding functionality for Jackson: works on core streaming API</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-databind-2.9.7.jar<br/><b>MD5:</b> 2916db8b36f4078f07dd9580bccec6c2<br/><b>SHA1:</b> e6faad47abd3179666e89068485a1b88a195ceb7<br/><b>SHA256:</b>675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bf</p><h4 id="header138" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content138" class="subsectioncontent 
standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jackson-databind</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/jackson</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.jackson.databind</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-databind</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>databind</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>jackson-databind</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>FasterXML</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build-date</td><td>2018-09-19 02:48:44+0000</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jackson-databind</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jackson-base</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/jackson</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.fasterxml.jackson.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>FasterXML</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>jackson-databind</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/jackson</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jackson-databind</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>com.fasterxml.jackson.databind</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-databind</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>databind</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>jackson-databind</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>jackson-databind</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>jackson-databind</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build-date</td><td>2018-09-19 02:48:44+0000</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jackson-base</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/jackson</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jackson-databind</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.9.7</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.9.7</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.9.7</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.9.7</td><td>High</td></tr></table></div><h4 id="header139" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content139" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jackson-databind-2.9.7.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-databind-2.9.7.jar</li><li>MD5: 2916db8b36f4078f07dd9580bccec6c2</li><li>SHA1: e6faad47abd3179666e89068485a1b88a195ceb7</li><li>SHA256: 675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bf</li></ul></li></ul></div><h4 id="header140" class="subsectionheader 
white">Identifiers</h4><div id="content140" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7" target="_blank">pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.7" target="_blank">cpe:2.3:a:fasterxml:jackson:2.9.7:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cpe', 'cpe:\/a:fasterxml:jackson')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.7" target="_blank">cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cpe', 'cpe:\/a:fasterxml:jackson-databind')">suppress</button></li></ul></div><h4 id="header141" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content141" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000873">CVE-2018-1000873</a></b> <button class="copybutton" 
title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2018-1000873')">suppress</button></p><p><pre>Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.5)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1665601">https://bugzilla.redhat.com/show_bug.cgi?id=1665601</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-modules-java8/issues/90">https://github.com/FasterXML/jackson-modules-java8/issues/90</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-modules-java8/pull/87">https://github.com/FasterXML/jackson-modules-java8/pull/87</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by 
Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/292c11e9-cf66-4d76-aaf7-b63a091f8891">[CVE-2018-1000873] Improper Input Validation</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs15', 'show all', 'show less');">show all</a>)<ul><li class="vs15"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up 
to (excluding) 2.9.8</a></li><li class="vs15">...</li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.8</a></li><li class="vs15 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_enterprise_application_platform%3A7.0">cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19360">CVE-2018-19360</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2018-19360')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107985">107985</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/68">20190527 [SECURITY] [DSA 4452-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b">https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b</a></li><li>CONFIRM - <a 
target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2186">https://github.com/FasterXML/jackson-databind/issues/2186</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8</a></li><li>CONFIRM - <a target="_blank" href="https://issues.apache.org/jira/browse/TINKERPOP-2121">https://issues.apache.org/jira/browse/TINKERPOP-2121</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190530-0003/">https://security.netapp.com/advisory/ntap-20190530-0003/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4452">DSA-4452</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html">[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) 
Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E">[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/dc5c85aa-ec0c-42b9-a11b-935184041ee7">[CVE-2018-19360] Deserialization of Untrusted 
Data</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHBA-2019:0959">RHBA-2019:0959</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0782">RHSA-2019:0782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0877">RHSA-2019:0877</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1782">RHSA-2019:1782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1797">RHSA-2019:1797</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1822">RHSA-2019:1822</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1823">RHSA-2019:1823</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2804">RHSA-2019:2804</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3002">RHSA-2019:3002</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3140">RHSA-2019:3140</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3892">RHSA-2019:3892</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:4037">RHSA-2019:4037</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs16', 'show all', 'show less');">show all</a>)<ul><li class="vs16"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li 
class="vs16">...</li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.7.2</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.9.5</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (excluding) 2.8.11.3</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.1.3.0.0">cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.2.1.3.0">cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A18.8">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier">cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.1">cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.2">cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A18.8">cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aretail_workforce_management_software%3A1.60.9.0.0">cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Awebcenter_portal%3A12.2.1.3.0">cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aautomation_manager%3A7.3.1">cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Adecision_manager%3A7.3.1">cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_bpm_suite%3A6.4.11">cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_brms%3A6.4.10">cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*</a></li><li class="vs16 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aopenshift_container_platform%3A3.11">cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19361">CVE-2018-19361</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2018-19361')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107985">107985</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/68">20190527 
[SECURITY] [DSA 4452-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b">https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2186">https://github.com/FasterXML/jackson-databind/issues/2186</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8</a></li><li>CONFIRM - <a target="_blank" href="https://issues.apache.org/jira/browse/TINKERPOP-2121">https://issues.apache.org/jira/browse/TINKERPOP-2121</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190530-0003/">https://security.netapp.com/advisory/ntap-20190530-0003/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4452">DSA-4452</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html">[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E">[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/5a041483-5b69-47f8-b8a9-e631830ceaf9">[CVE-2018-19361] Deserialization of Untrusted Data</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHBA-2019:0959">RHBA-2019:0959</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0782">RHSA-2019:0782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0877">RHSA-2019:0877</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1782">RHSA-2019:1782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1797">RHSA-2019:1797</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1822">RHSA-2019:1822</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1823">RHSA-2019:1823</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2804">RHSA-2019:2804</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3002">RHSA-2019:3002</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3140">RHSA-2019:3140</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3892">RHSA-2019:3892</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:4037">RHSA-2019:4037</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs17', 'show all', 'show less');">show all</a>)<ul><li class="vs17"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li class="vs17">...</li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.7.2</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.9.5</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (excluding) 2.8.11.3</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li class="vs17 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.1.3.0.0">cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.2.1.3.0">cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A18.8">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier">cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.1">cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.2">cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A18.8">cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aretail_workforce_management_software%3A1.60.9.0.0">cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Awebcenter_portal%3A12.2.1.3.0">cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aautomation_manager%3A7.3.1">cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Adecision_manager%3A7.3.1">cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_bpm_suite%3A6.4.11">cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_brms%3A6.4.10">cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*</a></li><li class="vs17 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aopenshift_container_platform%3A3.11">cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19362">CVE-2018-19362</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2018-19362')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block 
the jboss-common-core class from polymorphic deserialization.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107985">107985</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/68">20190527 [SECURITY] [DSA 4452-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b">https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2186">https://github.com/FasterXML/jackson-databind/issues/2186</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8</a></li><li>CONFIRM - <a target="_blank" href="https://issues.apache.org/jira/browse/TINKERPOP-2121">https://issues.apache.org/jira/browse/TINKERPOP-2121</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190530-0003/">https://security.netapp.com/advisory/ntap-20190530-0003/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4452">DSA-4452</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" 
href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html">[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E">[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a 
target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/5afe3c10-61cc-4ca0-99ae-c6ba8f330b45">[CVE-2018-19362] Deserialization of Untrusted Data</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHBA-2019:0959">RHBA-2019:0959</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0782">RHSA-2019:0782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:0877">RHSA-2019:0877</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1782">RHSA-2019:1782</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1797">RHSA-2019:1797</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1822">RHSA-2019:1822</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1823">RHSA-2019:1823</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2804">RHSA-2019:2804</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3002">RHSA-2019:3002</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3140">RHSA-2019:3140</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3892">RHSA-2019:3892</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:4037">RHSA-2019:4037</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs18', 'show all', 'show less');">show all</a>)<ul><li class="vs18"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li class="vs18">...</li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.6.0; versions up to (including) 2.6.7.2</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.9.5</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to 
(excluding) 2.8.11.3</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.8</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.1.3.0.0">cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Abusiness_process_management_suite%3A12.2.1.3.0">cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A15.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.1">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A16.2">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_p6_enterprise_project_portfolio_management%3A18.8">cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier">cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.1">cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A16.2">cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aprimavera_unifier%3A18.8">cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Aretail_workforce_management_software%3A1.60.9.0.0">cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aoracle%3Awebcenter_portal%3A12.2.1.3.0">cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aautomation_manager%3A7.3.1">cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Adecision_manager%3A7.3.1">cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_bpm_suite%3A6.4.11">cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_brms%3A6.4.10">cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*</a></li><li class="vs18 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aopenshift_container_platform%3A3.11">cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086">CVE-2019-12086</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" 
onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-12086')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.</pre>CWE-200 Information Exposure<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N</li></ul><!-- NOTE(review): this CVSSv2 vector shows I:P, which appears inconsistent with the 5.0 base score and with the CVSSv3 vector (I:N); verify against the NVD entry before using the vector for triage. -->CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/109227">109227</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/May/68">20190527 [SECURITY] [DSA 4452-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190530-0003/">https://security.netapp.com/advisory/ntap-20190530-0003/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4452">DSA-4452</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/">FEDORA-2019-99ff6aa32c</a></li><li>FEDORA - <a target="_blank" 
href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/">FEDORA-2019-ae6a703b8f</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/">FEDORA-2019-fb23eccc03</a></li><li>MISC - <a target="_blank" href="http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/">http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2326">https://github.com/FasterXML/jackson-databind/issues/2326</a></li><li>MISC - <a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E">[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html">[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E">[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E">[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029">[CVE-2019-12086] Information Exposure</a></li><li>REDHAT - 
<a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2935">RHSA-2019:2935</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2936">RHSA-2019:2936</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2937">RHSA-2019:2937</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2938">RHSA-2019:2938</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2998">RHSA-2019:2998</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3044">RHSA-2019:3044</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3045">RHSA-2019:3045</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3046">RHSA-2019:3046</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3050">RHSA-2019:3050</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs19', 'show all', 'show less');">show all</a>)<ul><li class="vs19"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9</a></li><li class="vs19">...</li><li class="vs19 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.7.9.5</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (including) 2.8.11.3</a></li><li class="vs19 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12384">CVE-2019-12384</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-12384')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. 
Depending on the classpath content, remote code execution may be possible.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N</li></ul><!-- NOTE(review): this CVSSv2 vector shows I:P, which appears inconsistent with the 4.3 base score and with the CVSSv3 vector (I:N); verify against the NVD entry before using the vector for triage. -->CVSSv3:<ul><li>Base Score: MEDIUM (5.9)</li><li>Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html">https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190703-0002/">https://security.netapp.com/advisory/ntap-20190703-0002/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/">FEDORA-2019-99ff6aa32c</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/">FEDORA-2019-ae6a703b8f</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/">FEDORA-2019-fb23eccc03</a></li><li>MISC - <a target="_blank" href="https://blog.doyensec.com/2019/07/22/jackson-gadgets.html">https://blog.doyensec.com/2019/07/22/jackson-gadgets.html</a></li><li>MISC - <a target="_blank" href="https://doyensec.com/research.html">https://doyensec.com/research.html</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad">https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad</a></li><li>MISC - <a target="_blank" 
href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E">[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E">[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - 
/nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E">[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, 
CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125">[CVE-2019-12384] Deserialization of Untrusted Data</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1820">RHSA-2019:1820</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2720">RHSA-2019:2720</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2935">RHSA-2019:2935</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2936">RHSA-2019:2936</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2937">RHSA-2019:2937</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2938">RHSA-2019:2938</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2998">RHSA-2019:2998</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3292">RHSA-2019:3292</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3297">RHSA-2019:3297</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3901">RHSA-2019:3901</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:4352">RHSA-2019:4352</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs20', 'show all', 'show less');">show all</a>)<ul><li class="vs20"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.1</a></li><li class="vs20">...</li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions 
from (including) 2.7.0; versions up to (including) 2.7.9.5</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (including) 2.8.11.3</a></li><li class="vs20 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814">CVE-2019-12814</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-12814')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.</pre>CWE-200 Information Exposure<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (5.9)</li><li>Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2341">https://github.com/FasterXML/jackson-databind/issues/2341</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190625-0006/">https://security.netapp.com/advisory/ntap-20190625-0006/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/">FEDORA-2019-99ff6aa32c</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/">FEDORA-2019-ae6a703b8f</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/">FEDORA-2019-fb23eccc03</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E">[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E">[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html">[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E">[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E">[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) 
OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7">[CVE-2019-12814] Information Exposure</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2935">RHSA-2019:2935</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2936">RHSA-2019:2936</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2937">RHSA-2019:2937</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2938">RHSA-2019:2938</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3044">RHSA-2019:3044</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3045">RHSA-2019:3045</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3046">RHSA-2019:3046</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3050">RHSA-2019:3050</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3292">RHSA-2019:3292</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3297">RHSA-2019:3297</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs21', 'show all', 'show less');">show all</a>)<ul><li class="vs21"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.1</a></li><li class="vs21">...</li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.7.9.5</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (including) 2.8.11.3</a></li><li class="vs21 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.1</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379">CVE-2019-14379</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 
'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-14379')">suppress</button></p><p><pre>SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190814-0001/">https://security.netapp.com/advisory/ntap-20190814-0001/</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/">FEDORA-2019-99ff6aa32c</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/">FEDORA-2019-ae6a703b8f</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/">FEDORA-2019-fb23eccc03</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2">https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2387">https://github.com/FasterXML/jackson-databind/issues/2387</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" 
href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E">[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E">[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html">[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191010 [GitHub] 
[incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E">[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and 
CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9">[CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHBA-2019:2824">RHBA-2019:2824</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2743">RHSA-2019:2743</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2858">RHSA-2019:2858</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2935">RHSA-2019:2935</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2936">RHSA-2019:2936</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2937">RHSA-2019:2937</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2938">RHSA-2019:2938</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:2998">RHSA-2019:2998</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3044">RHSA-2019:3044</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3045">RHSA-2019:3045</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3046">RHSA-2019:3046</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3050">RHSA-2019:3050</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:3149">RHSA-2019:3149</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3292">RHSA-2019:3292</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3297">RHSA-2019:3297</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3901">RHSA-2019:3901</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0727">RHSA-2020:0727</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs22', 'show all', 'show less');">show all</a>)<ul><li class="vs22"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.2</a></li><li class="vs22">...</li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (excluding) 2.7.9.6</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (excluding) 2.8.11.4</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to 
(excluding) 2.9.9.2</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Aoncommand_workflow_automation%3A-">cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*</a></li><li class="vs22 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetapp%3Asnapcenter%3A-">cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14439">CVE-2019-14439</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-14439')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. 
This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.</pre>CWE-200 Information Exposure<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190814-0001/">https://security.netapp.com/advisory/ntap-20190814-0001/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/">FEDORA-2019-ae6a703b8f</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/">FEDORA-2019-fb23eccc03</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b">https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2">https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2389">https://github.com/FasterXML/jackson-databind/issues/2389</a></li><li>MISC - <a target="_blank" 
href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E">[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html">[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E">[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c">[CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs23', 'show all', 'show less');">show all</a>)<ul><li class="vs23"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.2</a></li><li class="vs23">...</li><li class="vs23 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.7.9.5</a></li><li class="vs23 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (including) 2.8.11.3</a></li><li class="vs23 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.9.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540">CVE-2019-14540</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2019-14540')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. 
It is related to com.zaxxer.hikari.HikariConfig.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x">https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191004-0002/">https://security.netapp.com/advisory/ntap-20191004-0002/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/">FEDORA-2019-b171554877</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/">FEDORA-2019-cf87377f5f</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2410">https://github.com/FasterXML/jackson-databind/issues/2410</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2449">https://github.com/FasterXML/jackson-databind/issues/2449</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a 
target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html">[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E">[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc">[CVE-2019-14540] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...</a></li><li>REDHAT - <a target="_blank" 
href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs24"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14892">CVE-2019-14892</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2019-14892')">suppress</button></p><p><pre>A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. 
An attacker could use this flaw to execute arbitrary code.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2462">https://github.com/FasterXML/jackson-databind/issues/2462</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0729">RHSA-2020:0729</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs25', 'show all', 'show less');">show all</a>)<ul><li class="vs25"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.10</a></li><li class="vs25">...</li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.6.7; versions up to (excluding) 2.6.7.3</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0; versions up to (excluding) 2.8.11.5</a></li><li class="vs25 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.10</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Adecision_manager%3A7.0">cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_data_grid%3A7.0.0">cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_enterprise_application_platform%3A7.0">cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_fuse%3A7.0.0">cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aopenshift_container_platform%3A4.3">cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*</a></li><li class="vs25 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aprocess_automation%3A7.0">cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14893">CVE-2019-14893</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" 
onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2019-14893')">suppress</button></p><p><pre>A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2469">https://github.com/FasterXML/jackson-databind/issues/2469</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0729">RHSA-2020:0729</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs26', 'show all', 'show less');">show all</a>)<ul><li class="vs26"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.10</a></li><li class="vs26">...</li><li class="vs26 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.8.11.5</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.9.0; versions up to (excluding) 2.9.10</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Adecision_manager%3A7.0">cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_data_grid%3A7.0.0">cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_enterprise_application_platform%3A7.0">cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Ajboss_fuse%3A7.0.0">cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*</a></li><li class="vs26 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aopenshift_container_platform%3A4.3">cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*</a></li><li class="vs26 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Aprocess_automation%3A7.0">cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16335">CVE-2019-16335</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2019-16335')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191004-0002/">https://security.netapp.com/advisory/ntap-20191004-0002/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/">FEDORA-2019-b171554877</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/">FEDORA-2019-cf87377f5f</a></li><li>MISC - <a target="_blank" 
href="https://github.com/FasterXML/jackson-databind/issues/2449">https://github.com/FasterXML/jackson-databind/issues/2449</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html">[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E">[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E">[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E">[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E">[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues</a></li><li>OSSINDEX - <a target="_blank" 
href="https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7">[CVE-2019-16335] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0729">RHSA-2020:0729</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs27"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942">CVE-2019-16942</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/[email protected]', 'cve', 'CVE-2019-16942')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191017-0006/">https://security.netapp.com/advisory/ntap-20191017-0006/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/">FEDORA-2019-b171554877</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/">FEDORA-2019-cf87377f5f</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2478">https://github.com/FasterXML/jackson-databind/issues/2478</a></li><li>MISC - <a target="_blank" href="https://issues.apache.org/jira/browse/GEODE-7255">https://issues.apache.org/jira/browse/GEODE-7255</a></li><li>MISC - <a target="_blank" 
href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html">[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E">[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E">[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E">[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/07632245-fcef-4eb3-82b6-aadbbfd2b33e">[CVE-2019-16942] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3901">RHSA-2019:3901</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs28"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (including) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943">CVE-2019-16943</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-16943')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Oct/6">20191007 [SECURITY] [DSA 4542-1] jackson-databind security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191017-0006/">https://security.netapp.com/advisory/ntap-20191017-0006/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4542">DSA-4542</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/">FEDORA-2019-b171554877</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/">FEDORA-2019-cf87377f5f</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2478">https://github.com/FasterXML/jackson-databind/issues/2478</a></li><li>MISC - <a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MLIST - <a 
target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html">[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E">[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E">[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379</a></li><li>OSSINDEX - <a target="_blank" 
href="https://ossindex.sonatype.org/vuln/f4f0c103-c9d9-4308-bd8f-489f2a632680">[CVE-2019-16943] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs29"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (including) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17267">CVE-2019-17267</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-17267')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. 
It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191017-0006/">https://security.netapp.com/advisory/ntap-20191017-0006/</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10">https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2460">https://github.com/FasterXML/jackson-databind/issues/2460</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html">[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 
20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E">[skywalking-dev] 20200324 [CVE-2019-17267] Upgrade jackson-databind version to 2.9.10</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/6ce886d0-2dfd-4cef-b9a4-2fb400baf5ef">[CVE-2019-17267] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3200">RHSA-2019:3200</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs30"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17531">CVE-2019-17531</a></b> 
<button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-17531')">suppress</button></p><p><pre>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20191024-0005/">https://security.netapp.com/advisory/ntap-20191024-0005/</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2498">https://github.com/FasterXML/jackson-databind/issues/2498</a></li><li>MISC - <a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html">[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/ea932c13-011a-4c74-a092-48cd1c49adb4">[CVE-2019-17531] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:4192">RHSA-2019:4192</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0159">RHSA-2020:0159</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0160">RHSA-2020:0160</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0161">RHSA-2020:0161</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0164">RHSA-2020:0164</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2020:0445">RHSA-2020:0445</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs31"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (including) 2.9.10</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20330">CVE-2019-20330</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" 
onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2019-20330')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20200127-0004/">https://security.netapp.com/advisory/ntap-20200127-0004/</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2">https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2</a></li><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2526">https://github.com/FasterXML/jackson-databind/issues/2526</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html">[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)</a></li><li>MLIST - <a 
target="_blank" href="https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200122 Re: 3.5.7</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/40d250b4-680a-4cf2-a677-40b8cdda0ce2">[CVE-2019-20330] FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache bloc...</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs32"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (excluding) 2.9.10.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10672">CVE-2020-10672</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-10672')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).</pre>NVD-CWE-Other<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: 
/AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2659">https://github.com/FasterXML/jackson-databind/issues/2659</a></li><li>MISC - <a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html">[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs33"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.10.4</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10673">CVE-2020-10673</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-10673')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).</pre>NVD-CWE-Other<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" 
href="https://github.com/FasterXML/jackson-databind/issues/2660">https://github.com/FasterXML/jackson-databind/issues/2660</a></li><li>MISC - <a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html">[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs34"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.10.4</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8840">CVE-2020-8840</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-8840')">suppress</button></p><p><pre>FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2620">https://github.com/FasterXML/jackson-databind/issues/2620</a></li><li>MLIST - <a target="_blank" 
href="https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html">[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E">[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E">[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade 
jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E">[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840</a></li><li>OSSINDEX - <a target="_blank" 
href="https://ossindex.sonatype.org/vuln/2fada372-53aa-4b38-907c-7d3faba7bcb8">[CVE-2020-8840] FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JN...</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs35"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (including) 2.9.10.2</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9546">CVE-2020-9546</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-9546')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2631">https://github.com/FasterXML/jackson-databind/issues/2631</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" 
href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html">[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, 
CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs36"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (excluding) 2.9.10.4</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9547">CVE-2020-9547</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-9547')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2634">https://github.com/FasterXML/jackson-databind/issues/2634</a></li><li>MISC - <a target="_blank" 
href="https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E</a></li><li>MISC - <a target="_blank" 
href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html">[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs37"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (excluding) 2.9.10.4</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9548">CVE-2020-9548</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('jackson-databind-2.9.7.jar', 'e6faad47abd3179666e89068485a1b88a195ceb7', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.7', 'cve', 'CVE-2020-9548')">suppress</button></p><p><pre>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).</pre>CWE-502 Deserialization of Untrusted Data<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (6.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>MISC - <a target="_blank" href="https://github.com/FasterXML/jackson-databind/issues/2634">https://github.com/FasterXML/jackson-databind/issues/2634</a></li><li>MISC - 
<a target="_blank" href="https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062">https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html">[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E">[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, 
CVE-2020-9546</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E">[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546</a></li></ul></p><p>Vulnerable Software & Versions:<ul><li class="vs38"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Afasterxml%3Ajackson-databind">cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0; versions up to (excluding) 2.9.10.4</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l47_ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68"></a>snakeyaml-1.23.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>YAML 1.1 parser and emitter for Java</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/snakeyaml-1.23.jar<br/><b>MD5:</b> 64ec8bd26b6d5034a87ecb1c8ce0efdc<br/><b>SHA1:</b> ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68<br/><b>SHA256:</b>13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1</p><h4 id="header142" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content142" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>yaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>snakeyaml</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>SnakeYAML</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>parser</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>yaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>snakeyaml</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.snakeyaml.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>emitter</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>SnakeYAML</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>yaml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>SnakeYAML</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.snakeyaml.org</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>yaml</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>snakeyaml</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>parser</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>emitter</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>snakeyaml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.yaml.snakeyaml</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.23</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.23</td><td>High</td></tr></table></div><h4 id="header143" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content143" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: snakeyaml-1.23.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/snakeyaml-1.23.jar</li><li>MD5: 64ec8bd26b6d5034a87ecb1c8ce0efdc</li><li>SHA1: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68</li><li>SHA256: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1</li></ul></li></ul></div><h4 id="header144" class="subsectionheader white">Identifiers</h4><div id="content144" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml@1.23" target="_blank">pkg:maven/org.yaml/snakeyaml@1.23</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asnakeyaml_project&cpe_product=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml&cpe_version=cpe%3A%2F%3Asnakeyaml_project%3Asnakeyaml%3A1.23" target="_blank">cpe:2.3:a:snakeyaml_project:snakeyaml:1.23:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('snakeyaml-1.23.jar', 'ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68', 'pkg:maven\/org.yaml\/snakeyaml@1.23', 'cpe', 'cpe:\/a:snakeyaml_project:snakeyaml')">suppress</button></li></ul></div></div><h3 class="subsectionheader 
standardsubsection notvulnerable"><a name="l48_3789d00e859632e6c6206adc0c71625559e6e3b0"></a>jboss-logging-3.3.2.Final.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The JBoss Logging Framework</pre></p><p><b>License:</b><pre class="indent">Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jboss-logging-3.3.2.Final.jar<br/><b>MD5:</b> c397132f958d7e8ac0d566b6723ca7ca<br/><b>SHA1:</b> 3789d00e859632e6c6206adc0c71625559e6e3b0<br/><b>SHA256:</b>cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13</p><h4 id="header145" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content145" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>jboss.logging</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jboss-logging</td><td>Low</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>redhat</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-timestamp</td><td>Wed, 14 Feb 2018 13:23:27 -0800</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>os-arch</td><td>amd64</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>JBoss by Red 
Hat</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.jboss.logging</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>org.jboss.logging</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>os-name</td><td>Linux</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-url</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jboss-logging</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jboss-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>org.jboss</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>logging</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://www.jboss.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jboss.logging.jboss-logging</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>JBoss Logging 3</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jboss</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>java-vendor</td><td>Sun Microsystems Inc.</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>JBoss by Red Hat</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>jboss.logging</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jboss-parent</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>build-timestamp</td><td>Wed, 14 Feb 2018 13:23:27 -0800</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>os-arch</td><td>amd64</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>JBoss Logging 
3</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>org.jboss.logging</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>os-name</td><td>Linux</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-url</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jboss-logging</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>JBoss Logging 3</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.jboss</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>logging</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://www.jboss.org</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.jboss.logging.jboss-logging</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jboss-logging</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>JBoss Logging 3</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jboss</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>JBoss Logging 3</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://www.jboss.org</td><td>Low</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>3.3.2.Final</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>3.3.2.Final</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.3.2.Final</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>3.3.2.Final</td><td>High</td></tr></table></div><h4 id="header146" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content146" class="subsectioncontent standardsubsection 
hidden"><ul><li>petclinic.war: jboss-logging-3.3.2.Final.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jboss-logging-3.3.2.Final.jar</li><li>MD5: c397132f958d7e8ac0d566b6723ca7ca</li><li>SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0</li><li>SHA256: cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13</li></ul></li></ul></div><h4 id="header147" class="subsectionheader white">Identifiers</h4><div id="content147" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final" target="_blank">pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l49_9daff99b4fbd6809fd46ab4327650ad00a1be6d4"></a>hsqldb-2.4.1.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>HSQLDB - Lightweight 100% Java SQL Database Engine</pre></p><p><b>License:</b><pre class="indent">HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/hsqldb-2.4.1.jar<br/><b>MD5:</b> 4fecc773be5e64721615213d314e8de3<br/><b>SHA1:</b> 9daff99b4fbd6809fd46ab4327650ad00a1be6d4<br/><b>SHA256:</b>417294fff9d6b6a4f7ee522982ed2693cdda28d131da0d9e4f048a57d6e1cdb2</p><h4 id="header148" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content148" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization 
url</td><td>http://hsqldb.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://hsqldb.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_172-b11 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>The HSQL Development Group</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>hsqldb</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>HyperSQL Database</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>hsqldb</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>The HSQL Development Group</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-vendor</td><td>blaine</td><td>Medium</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.hsqldb</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>hsqldb</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>The HSQL Development Group</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hsqldb.hsqldb</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>HSQLDB</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>The HSQL Development Group</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_172-b11 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>HSQLDB</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>HyperSQL Database</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://hsqldb.org</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>database</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>java</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://hsqldb.org</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Standard runtime</td><td>High</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>hsqldb</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>org.hsqldb.hsqldb</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>hsqldb</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.4.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.4.1</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.4.1</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.4.1</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.4.1</td><td>Highest</td></tr></table></div><h4 id="header149" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content149" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: hsqldb-2.4.1.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/hsqldb-2.4.1.jar</li><li>MD5: 4fecc773be5e64721615213d314e8de3</li><li>SHA1: 9daff99b4fbd6809fd46ab4327650ad00a1be6d4</li><li>SHA256: 417294fff9d6b6a4f7ee522982ed2693cdda28d131da0d9e4f048a57d6e1cdb2</li></ul></li></ul></div><h4 id="header150" 
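class="subsectionheader white">Identifiers</h4><div id="content150" class="subsectioncontent standardsubsection">
<!-- Reviewer note on hsqldb-2.4.1.jar: the only CPE candidates listed are hyper:hyper and hyper_project:hyper, both at Low confidence. They look like name collisions with the "HyperSQL Database" evidence string rather than identifiers for HSQLDB. No CPE naming HSQLDB itself was matched, so the "notvulnerable" class on this section says only that nothing was reported under these candidates when the scan ran. Check the artifact against current advisories by its package URL before treating it as clean, and if the two candidates are suppressed, confirm the generated rule is limited to this jar's SHA1 so it cannot hide matches on other artifacts. The package URL is rebuilt from the artifact name and version in this section; the published copy had it replaced by a placeholder. -->
<ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.hsqldb/hsqldb@2.4.1" target="_blank" rel="noopener noreferrer">pkg:maven/org.hsqldb/hsqldb@2.4.1</a> (<i>Confidence</i>:High)</li><li>cpe:2.3:a:hyper:hyper:2.4.1:*:*:*:*:*:*:* (<i>Confidence</i>:Low) <button type="button" class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('hsqldb-2.4.1.jar', '9daff99b4fbd6809fd46ab4327650ad00a1be6d4', 'pkg:maven\/org.hsqldb\/hsqldb@2.4.1', 'cpe', 'cpe:\/a:hyper:hyper')">suppress</button></li><li>cpe:2.3:a:hyper_project:hyper:2.4.1:*:*:*:*:*:*:* (<i>Confidence</i>:Low) <button type="button" class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('hsqldb-2.4.1.jar', '9daff99b4fbd6809fd46ab4327650ad00a1be6d4', 'pkg:maven\/org.hsqldb\/hsqldb@2.4.1', 'cpe', 'cpe:\/a:hyper_project:hyper')">suppress</button></li></ul></div></div>
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l50_934c04d3cfef185a8008e7bf34331b79730a9d43"></a>javax.annotation-api-1.3.2.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Common Annotations for the JavaTM Platform API</pre></p><p><b>License:</b><pre class="indent">CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/javax.annotation-api-1.3.2.jar<br/><b>MD5:</b> 2ab1973eefffaa2aeec47d50b9e40b9d<br/><b>SHA1:</b> 934c04d3cfef185a8008e7bf34331b79730a9d43<br/><b>SHA256:</b>e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b</p>
<h4 id="header151" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content151" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th 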
class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Oracle Corporation</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>javax.annotation-api</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>javax.annotation</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>extension-name</td><td>javax.annotation</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>GlassFish Community</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>https://javaee.github.io/glassfish</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>annotation</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>GlassFish Community</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>https://javaee.github.io/glassfish</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.annotation-api</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>${extension.name} 
API</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>java.annotation</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://jcp.org/en/jsr/detail?id=250</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>org.glassfish</td><td>Medium</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>javax.annotation-api</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>javax</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>javax.annotation API</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>javax.annotation-api</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>javax.annotation</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>extension-name</td><td>javax.annotation</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jvnet-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>net.java</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>https://javaee.github.io/glassfish</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>annotation</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>javax.annotation-api</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>${extension.name} API</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://jcp.org/en/jsr/detail?id=250</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>java.annotation</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>organization 
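url</td><td>https://javaee.github.io/glassfish</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>javax.annotation-api</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>GlassFish Community</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.3.2</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.3.2</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>1.3.2</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.3.2</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>parent-version</td><td>1.3.2</td><td>Low</td></tr></table></div>
<h4 id="header152" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content152" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: javax.annotation-api-1.3.2.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/javax.annotation-api-1.3.2.jar</li><li>MD5: 2ab1973eefffaa2aeec47d50b9e40b9d</li><li>SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43</li><li>SHA256: e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b</li></ul></li></ul></div>
<!-- Identifiers for javax.annotation-api-1.3.2.jar: only a package URL is listed, with no CPE candidate. The package URL is rebuilt from the pom artifactid and version in the Evidence table above; the published copy had it replaced by a placeholder, apparently by an e-mail obfuscation filter. rel="noopener noreferrer" keeps the externally opened page from receiving a window.opener handle or a Referer header. -->
<h4 id="header153" class="subsectionheader white">Identifiers</h4><div id="content153" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/javax.annotation/javax.annotation-api@1.3.2" target="_blank" rel="noopener noreferrer">pkg:maven/javax.annotation/javax.annotation-api@1.3.2</a> (<i>Confidence</i>:High)</li></ul></div></div>
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l51_07c10d545325e3a6e72e06381afe469fd40eb701"></a>jackson-annotations-2.9.0.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Core annotations used for value types, used by Jackson data binding package.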
</pre></p><p><b>License:</b><pre class="indent"><a href="http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.org/licenses/LICENSE-2.0.txt</a></pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jackson-annotations-2.9.0.jar<br/><b>MD5:</b> c09faa1b063681cf45706c6df50685b6<br/><b>SHA1:</b> 07c10d545325e3a6e72e06381afe469fd40eb701<br/><b>SHA256:</b>45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a</p><h4 id="header154" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content154" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jackson-annotations</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/jackson</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>implementation-build-date</td><td>2017-07-30 
03:53:23+0000</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>jackson-annotations</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Jackson-annotations</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>FasterXML</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-annotations</td><td>Medium</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>jackson-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/jackson</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor-Id</td><td>com.fasterxml.jackson.core</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>FasterXML</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jackson-annotations</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://github.com/FasterXML/jackson</td><td>Medium</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>jackson</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>implementation-build-date</td><td>2017-07-30 
03:53:23+0000</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>jackson-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>com.fasterxml.jackson</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Jackson-annotations</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>fasterxml.jackson.core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Jackson-annotations</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>fasterxml</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>com.fasterxml.jackson.core.jackson-annotations</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>jackson-annotations</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-docurl</td><td>http://github.com/FasterXML/jackson</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>Jackson-annotations</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Jackson-annotations</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Bundle-Version</td><td>2.9.0</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.9.0</td><td>Highest</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.9.0</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.9.0</td><td>High</td></tr></table></div><h4 id="header155" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content155" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jackson-annotations-2.9.0.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jackson-annotations-2.9.0.jar</li><li>MD5: c09faa1b063681cf45706c6df50685b6</li><li>SHA1: 
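07c10d545325e3a6e72e06381afe469fd40eb701</li><li>SHA256: 45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a</li></ul></li></ul></div>
<h4 id="header156" class="subsectionheader white">Identifiers</h4><div id="content156" class="subsectioncontent standardsubsection">
<!-- Reviewer note on jackson-annotations-2.9.0.jar: the CPE matched at Highest confidence names the generic fasterxml:jackson product, not this artifact, so any result under it needs a check that the advisory really concerns the annotations jar. The section carries the "notvulnerable" class, which presumably means no advisory was listed under this identifier when the scan ran. The suppress button passes the CPE cpe:/a:fasterxml:jackson together with this jar's SHA1; confirm the generated rule is limited to that SHA1 before adding it to a suppression file, since a CPE-wide rule would also hide matches on other Jackson artifacts. The package URL is rebuilt from the artifact name and version in this section; the published copy had it replaced by a placeholder. -->
<ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0" target="_blank" rel="noopener noreferrer">pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&amp;results_type=overview&amp;search_type=all&amp;cpe_vendor=cpe%3A%2F%3Afasterxml&amp;cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson&amp;cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson%3A2.9.0" target="_blank" rel="noopener noreferrer">cpe:2.3:a:fasterxml:jackson:2.9.0:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button type="button" class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('jackson-annotations-2.9.0.jar', '07c10d545325e3a6e72e06381afe469fd40eb701', 'pkg:maven\/com.fasterxml.jackson.core\/jackson-annotations@2.9.0', 'cpe', 'cpe:\/a:fasterxml:jackson')">suppress</button></li></ul></div></div>
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l52_769c0b82cb2421c8256300e907298a9410a2a3d3"></a>LatencyUtils-2.0.3.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>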
LatencyUtils is a package that provides latency recording and reporting utilities.
</pre></p><p><b>License:</b><pre class="indent">Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/LatencyUtils-2.0.3.jar<br/><b>MD5:</b> 2ad12e1ef7614cecfb0483fa9ac6da73<br/><b>SHA1:</b> 769c0b82cb2421c8256300e907298a9410a2a3d3<br/><b>SHA256:</b>a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec</p><h4 id="header157" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content157" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://latencyutils.github.io/LatencyUtils/</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>latencyutils</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>LatencyUtils</td><td>High</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>LatencyUtils</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>LatencyUtils</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>latencyutils</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>latencyutils</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>LatencyUtils</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
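name</td><td>latencyutils</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>LatencyUtils</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://latencyutils.github.io/LatencyUtils/</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>LatencyUtils</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>latencyutils</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>2.0.3</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.0.3</td><td>Highest</td></tr></table></div>
<h4 id="header158" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content158" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: LatencyUtils-2.0.3.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/LatencyUtils-2.0.3.jar</li><li>MD5: 2ad12e1ef7614cecfb0483fa9ac6da73</li><li>SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3</li><li>SHA256: a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec</li></ul></li></ul></div>
<!-- Identifiers for LatencyUtils-2.0.3.jar: only a package URL is listed, with no CPE candidate. The package URL is rebuilt from the artifact name and version in this section; the published copy had it replaced by a placeholder, apparently by an e-mail obfuscation filter. rel="noopener noreferrer" keeps the externally opened page from receiving a window.opener handle or a Referer header. -->
<h4 id="header159" class="subsectionheader white">Identifiers</h4><div id="content159" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.latencyutils/LatencyUtils@2.0.3" target="_blank" rel="noopener noreferrer">pkg:maven/org.latencyutils/LatencyUtils@2.0.3</a> (<i>Confidence</i>:High)</li></ul></div></div>
<!-- Reviewer note: this entry and the other bootstrap-3.3.6.jar script entries in this part of the report have an empty Evidence table and list no identifiers ("None"). The "notvulnerable" class on them therefore reflects that there was nothing to look up for the individual script files, not that Bootstrap 3.3.6 was assessed here. Whether the bootstrap-3.3.6.jar webjar itself was identified and checked has to be read from its own section of the report, which is outside this excerpt. -->
<h3 class="subsectionheader standardsubsection notvulnerable"><a name="l53_80f18f9b3ec47cf5854cb30dcd6b9548c32b9567"></a>bootstrap-3.3.6.jar: webjars-requirejs.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/webjars-requirejs.js<br/><b>MD5:</b> 66507db20354e58b4c9ba7ab8f9ce714<br/><b>SHA1:</b> 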
80f18f9b3ec47cf5854cb30dcd6b9548c32b9567<br/><b>SHA256:</b>b9a900c1c14f8b4980d34de9f2787b0bac576efc4f176aa70433a71950a14b26</p><h4 id="header160" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content160" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header161" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content161" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: webjars-requirejs.js.gz: webjars-requirejs.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/webjars-requirejs.js.gz/webjars-requirejs.js</li><li>MD5: 66507db20354e58b4c9ba7ab8f9ce714</li><li>SHA1: 80f18f9b3ec47cf5854cb30dcd6b9548c32b9567</li><li>SHA256: b9a900c1c14f8b4980d34de9f2787b0bac576efc4f176aa70433a71950a14b26</li></ul></li><li>bootstrap-3.3.6.jar: webjars-requirejs.js.gz: webjars-requirejs.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/webjars-requirejs.js.gz/webjars-requirejs.js</li><li>MD5: 66507db20354e58b4c9ba7ab8f9ce714</li><li>SHA1: 80f18f9b3ec47cf5854cb30dcd6b9548c32b9567</li><li>SHA256: b9a900c1c14f8b4980d34de9f2787b0bac576efc4f176aa70433a71950a14b26</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: webjars-requirejs.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/webjars-requirejs.js</li><li>MD5: 
66507db20354e58b4c9ba7ab8f9ce714</li><li>SHA1: 80f18f9b3ec47cf5854cb30dcd6b9548c32b9567</li><li>SHA256: b9a900c1c14f8b4980d34de9f2787b0bac576efc4f176aa70433a71950a14b26</li></ul></li></ul></div><h4 id="header162" class="subsectionheader white">Identifiers</h4><div id="content162" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l54_03d4e6b9c40809e0d902461df8da25561a44ebf2"></a>bootstrap-3.3.6.jar: tooltip.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tooltip.js<br/><b>MD5:</b> c4a6379c9f74d73e0e045be0fefdf95f<br/><b>SHA1:</b> 03d4e6b9c40809e0d902461df8da25561a44ebf2<br/><b>SHA256:</b>3bc9620928f72c4e1181b208f0d8f63be31ae35a03e0de7c967c14b4d9360db7</p><h4 id="header163" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content163" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header164" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content164" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: tooltip.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tooltip.js</li><li>MD5: c4a6379c9f74d73e0e045be0fefdf95f</li><li>SHA1: 03d4e6b9c40809e0d902461df8da25561a44ebf2</li><li>SHA256: 
3bc9620928f72c4e1181b208f0d8f63be31ae35a03e0de7c967c14b4d9360db7</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: tooltip.js.gz: tooltip.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tooltip.js.gz/tooltip.js</li><li>MD5: c4a6379c9f74d73e0e045be0fefdf95f</li><li>SHA1: 03d4e6b9c40809e0d902461df8da25561a44ebf2</li><li>SHA256: 3bc9620928f72c4e1181b208f0d8f63be31ae35a03e0de7c967c14b4d9360db7</li></ul></li><li>bootstrap-3.3.6.jar: tooltip.js.gz: tooltip.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tooltip.js.gz/tooltip.js</li><li>MD5: c4a6379c9f74d73e0e045be0fefdf95f</li><li>SHA1: 03d4e6b9c40809e0d902461df8da25561a44ebf2</li><li>SHA256: 3bc9620928f72c4e1181b208f0d8f63be31ae35a03e0de7c967c14b4d9360db7</li></ul></li></ul></div><h4 id="header165" class="subsectionheader white">Identifiers</h4><div id="content165" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l55_0d258e8d3bd2a88fbb3f56c6fadb79f533c38525"></a>bootstrap-3.3.6.jar: alert.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/alert.js<br/><b>MD5:</b> 8cbee2ee1f07de10728ba4cc283e0739<br/><b>SHA1:</b> 0d258e8d3bd2a88fbb3f56c6fadb79f533c38525<br/><b>SHA256:</b>bf5bf7c66a7596b466425b03510276de2013f8da3d4eab474b544c323b40c9c9</p><h4 id="header166" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content166" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" 
style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header167" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content167" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: alert.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/alert.js</li><li>MD5: 8cbee2ee1f07de10728ba4cc283e0739</li><li>SHA1: 0d258e8d3bd2a88fbb3f56c6fadb79f533c38525</li><li>SHA256: bf5bf7c66a7596b466425b03510276de2013f8da3d4eab474b544c323b40c9c9</li></ul></li><li>bootstrap-3.3.6.jar: alert.js.gz: alert.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/alert.js.gz/alert.js</li><li>MD5: 8cbee2ee1f07de10728ba4cc283e0739</li><li>SHA1: 0d258e8d3bd2a88fbb3f56c6fadb79f533c38525</li><li>SHA256: bf5bf7c66a7596b466425b03510276de2013f8da3d4eab474b544c323b40c9c9</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: alert.js.gz: alert.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/alert.js.gz/alert.js</li><li>MD5: 8cbee2ee1f07de10728ba4cc283e0739</li><li>SHA1: 0d258e8d3bd2a88fbb3f56c6fadb79f533c38525</li><li>SHA256: bf5bf7c66a7596b466425b03510276de2013f8da3d4eab474b544c323b40c9c9</li></ul></li></ul></div><h4 id="header168" class="subsectionheader white">Identifiers</h4><div id="content168" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l56_31eefe9e317463bd60a3613cefd19a431f863685"></a>bootstrap-3.3.6.jar: scrollspy.js</h3><div 
class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/scrollspy.js<br/><b>MD5:</b> 26d9ab6e4f1d34ef36e14943eb017d44<br/><b>SHA1:</b> 31eefe9e317463bd60a3613cefd19a431f863685<br/><b>SHA256:</b>1271feec9ed30f0f41dfacd74a9203178ea9b97ae881e0e67f8f5b4584158657</p><h4 id="header169" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content169" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header170" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content170" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: scrollspy.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/scrollspy.js</li><li>MD5: 26d9ab6e4f1d34ef36e14943eb017d44</li><li>SHA1: 31eefe9e317463bd60a3613cefd19a431f863685</li><li>SHA256: 1271feec9ed30f0f41dfacd74a9203178ea9b97ae881e0e67f8f5b4584158657</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: scrollspy.js.gz: scrollspy.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/scrollspy.js.gz/scrollspy.js</li><li>MD5: 26d9ab6e4f1d34ef36e14943eb017d44</li><li>SHA1: 31eefe9e317463bd60a3613cefd19a431f863685</li><li>SHA256: 1271feec9ed30f0f41dfacd74a9203178ea9b97ae881e0e67f8f5b4584158657</li></ul></li><li>bootstrap-3.3.6.jar: scrollspy.js.gz: scrollspy.js<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/scrollspy.js.gz/scrollspy.js</li><li>MD5: 26d9ab6e4f1d34ef36e14943eb017d44</li><li>SHA1: 31eefe9e317463bd60a3613cefd19a431f863685</li><li>SHA256: 1271feec9ed30f0f41dfacd74a9203178ea9b97ae881e0e67f8f5b4584158657</li></ul></li></ul></div><h4 id="header171" class="subsectionheader white">Identifiers</h4><div id="content171" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l57_8886023d432a56c0cf15bb0d40f4f81cea09b8bf"></a>bootstrap-3.3.6.jar: affix.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/affix.js<br/><b>MD5:</b> 252d27257a5b7ed1bce8fd797ea20a3c<br/><b>SHA1:</b> 8886023d432a56c0cf15bb0d40f4f81cea09b8bf<br/><b>SHA256:</b>1ee8ac8eff7b2c225d85963ee6160f0071297a3fdaf1532688c4fe01cfc0fb94</p><h4 id="header172" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content172" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header173" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content173" class="subsectioncontent standardsubsection hidden"><ul><li>bootstrap-3.3.6.jar: affix.js.gz: affix.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/affix.js.gz/affix.js</li><li>MD5: 
252d27257a5b7ed1bce8fd797ea20a3c</li><li>SHA1: 8886023d432a56c0cf15bb0d40f4f81cea09b8bf</li><li>SHA256: 1ee8ac8eff7b2c225d85963ee6160f0071297a3fdaf1532688c4fe01cfc0fb94</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: affix.js.gz: affix.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/affix.js.gz/affix.js</li><li>MD5: 252d27257a5b7ed1bce8fd797ea20a3c</li><li>SHA1: 8886023d432a56c0cf15bb0d40f4f81cea09b8bf</li><li>SHA256: 1ee8ac8eff7b2c225d85963ee6160f0071297a3fdaf1532688c4fe01cfc0fb94</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: affix.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/affix.js</li><li>MD5: 252d27257a5b7ed1bce8fd797ea20a3c</li><li>SHA1: 8886023d432a56c0cf15bb0d40f4f81cea09b8bf</li><li>SHA256: 1ee8ac8eff7b2c225d85963ee6160f0071297a3fdaf1532688c4fe01cfc0fb94</li></ul></li></ul></div><h4 id="header174" class="subsectionheader white">Identifiers</h4><div id="content174" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l58_e2b7590d6ec1fdac66b01fdf66ae0879f53b1262"></a>bootstrap-3.3.6.jar: npm.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/npm.js<br/><b>MD5:</b> ccb7f3909e30b1eb8f65a24393c6e12b<br/><b>SHA1:</b> e2b7590d6ec1fdac66b01fdf66ae0879f53b1262<br/><b>SHA256:</b>c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d</p><h4 id="header175" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content175" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th 
class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header176" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content176" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: npm.js.gz: npm.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/npm.js.gz/npm.js</li><li>MD5: ccb7f3909e30b1eb8f65a24393c6e12b</li><li>SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262</li><li>SHA256: c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d</li></ul></li><li>bootstrap-3.3.6.jar: npm.js.gz: npm.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/npm.js.gz/npm.js</li><li>MD5: ccb7f3909e30b1eb8f65a24393c6e12b</li><li>SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262</li><li>SHA256: c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: npm.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/npm.js</li><li>MD5: ccb7f3909e30b1eb8f65a24393c6e12b</li><li>SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262</li><li>SHA256: c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d</li></ul></li></ul></div><h4 id="header177" class="subsectionheader white">Identifiers</h4><div id="content177" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a 
name="l59_1f440c2caf9aec9ea303ecb0060da37b9614a289"></a>bootstrap-3.3.6.jar: modal.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/modal.js<br/><b>MD5:</b> f057e38edc5fa444b138a317a8fa2cbc<br/><b>SHA1:</b> 1f440c2caf9aec9ea303ecb0060da37b9614a289<br/><b>SHA256:</b>d52795b36f7aca99c78a0b84b17f425c8878dd44b87620b629521f388fa8b0a8</p><h4 id="header178" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content178" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header179" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content179" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: modal.js.gz: modal.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/modal.js.gz/modal.js</li><li>MD5: f057e38edc5fa444b138a317a8fa2cbc</li><li>SHA1: 1f440c2caf9aec9ea303ecb0060da37b9614a289</li><li>SHA256: d52795b36f7aca99c78a0b84b17f425c8878dd44b87620b629521f388fa8b0a8</li></ul></li><li>bootstrap-3.3.6.jar: modal.js.gz: modal.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/modal.js.gz/modal.js</li><li>MD5: f057e38edc5fa444b138a317a8fa2cbc</li><li>SHA1: 1f440c2caf9aec9ea303ecb0060da37b9614a289</li><li>SHA256: 
d52795b36f7aca99c78a0b84b17f425c8878dd44b87620b629521f388fa8b0a8</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: modal.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/modal.js</li><li>MD5: f057e38edc5fa444b138a317a8fa2cbc</li><li>SHA1: 1f440c2caf9aec9ea303ecb0060da37b9614a289</li><li>SHA256: d52795b36f7aca99c78a0b84b17f425c8878dd44b87620b629521f388fa8b0a8</li></ul></li></ul></div><h4 id="header180" class="subsectionheader white">Identifiers</h4><div id="content180" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l60_9854a6dcb26c946f1fb47c14014aef3a5262f76b"></a>bootstrap-3.3.6.jar: dropdown.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/dropdown.js<br/><b>MD5:</b> 65051d98394d995212ff5b7030c4071e<br/><b>SHA1:</b> 9854a6dcb26c946f1fb47c14014aef3a5262f76b<br/><b>SHA256:</b>92d4c20f5350f2ba58e5dd6dea20685850c0ed453eeaf4be0174ec300a19e7c1</p><h4 id="header181" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content181" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header182" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content182" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: dropdown.js.gz: dropdown.js<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/dropdown.js.gz/dropdown.js</li><li>MD5: 65051d98394d995212ff5b7030c4071e</li><li>SHA1: 9854a6dcb26c946f1fb47c14014aef3a5262f76b</li><li>SHA256: 92d4c20f5350f2ba58e5dd6dea20685850c0ed453eeaf4be0174ec300a19e7c1</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: dropdown.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/dropdown.js</li><li>MD5: 65051d98394d995212ff5b7030c4071e</li><li>SHA1: 9854a6dcb26c946f1fb47c14014aef3a5262f76b</li><li>SHA256: 92d4c20f5350f2ba58e5dd6dea20685850c0ed453eeaf4be0174ec300a19e7c1</li></ul></li><li>bootstrap-3.3.6.jar: dropdown.js.gz: dropdown.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/dropdown.js.gz/dropdown.js</li><li>MD5: 65051d98394d995212ff5b7030c4071e</li><li>SHA1: 9854a6dcb26c946f1fb47c14014aef3a5262f76b</li><li>SHA256: 92d4c20f5350f2ba58e5dd6dea20685850c0ed453eeaf4be0174ec300a19e7c1</li></ul></li></ul></div><h4 id="header183" class="subsectionheader white">Identifiers</h4><div id="content183" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l61_399599edcd049de09cef0c3fd7d662b5343c9de9"></a>bootstrap-3.3.6.jar: transition.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/transition.js<br/><b>MD5:</b> 94f8bbd34de5157ec8a86a30f0ffcf82<br/><b>SHA1:</b> 399599edcd049de09cef0c3fd7d662b5343c9de9<br/><b>SHA256:</b>4c4992c0cea541a09ca27f2fff93f9b0cbb4ad28065af1ffccf711f53b67f976</p><h4 id="header184" 
class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content184" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header185" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content185" class="subsectioncontent standardsubsection hidden"><ul><li>bootstrap-3.3.6.jar: transition.js.gz: transition.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/transition.js.gz/transition.js</li><li>MD5: 94f8bbd34de5157ec8a86a30f0ffcf82</li><li>SHA1: 399599edcd049de09cef0c3fd7d662b5343c9de9</li><li>SHA256: 4c4992c0cea541a09ca27f2fff93f9b0cbb4ad28065af1ffccf711f53b67f976</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: transition.js.gz: transition.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/transition.js.gz/transition.js</li><li>MD5: 94f8bbd34de5157ec8a86a30f0ffcf82</li><li>SHA1: 399599edcd049de09cef0c3fd7d662b5343c9de9</li><li>SHA256: 4c4992c0cea541a09ca27f2fff93f9b0cbb4ad28065af1ffccf711f53b67f976</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: transition.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/transition.js</li><li>MD5: 94f8bbd34de5157ec8a86a30f0ffcf82</li><li>SHA1: 399599edcd049de09cef0c3fd7d662b5343c9de9</li><li>SHA256: 4c4992c0cea541a09ca27f2fff93f9b0cbb4ad28065af1ffccf711f53b67f976</li></ul></li></ul></div><h4 id="header186" 
class="subsectionheader white">Identifiers</h4><div id="content186" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l62_144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a"></a>bootstrap-3.3.6.jar: popover.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/popover.js<br/><b>MD5:</b> 5b32b736b04ef19f68614b82030b5f70<br/><b>SHA1:</b> 144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a<br/><b>SHA256:</b>9eafe4728dfc7e529f79efd40c66905b3c6eeffec39e7411c84aac54c5ed4cd1</p><h4 id="header187" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content187" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header188" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content188" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: popover.js.gz: popover.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/popover.js.gz/popover.js</li><li>MD5: 5b32b736b04ef19f68614b82030b5f70</li><li>SHA1: 144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a</li><li>SHA256: 9eafe4728dfc7e529f79efd40c66905b3c6eeffec39e7411c84aac54c5ed4cd1</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: popover.js<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/popover.js</li><li>MD5: 5b32b736b04ef19f68614b82030b5f70</li><li>SHA1: 144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a</li><li>SHA256: 9eafe4728dfc7e529f79efd40c66905b3c6eeffec39e7411c84aac54c5ed4cd1</li></ul></li><li>bootstrap-3.3.6.jar: popover.js.gz: popover.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/popover.js.gz/popover.js</li><li>MD5: 5b32b736b04ef19f68614b82030b5f70</li><li>SHA1: 144c6a2dc7a5052cd1fe45f61ecbbaf22351b14a</li><li>SHA256: 9eafe4728dfc7e529f79efd40c66905b3c6eeffec39e7411c84aac54c5ed4cd1</li></ul></li></ul></div><h4 id="header189" class="subsectionheader white">Identifiers</h4><div id="content189" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l63_815b7412fefeb0a27dfc6e250145071f2f1e6ead"></a>bootstrap-3.3.6.jar: carousel.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/carousel.js<br/><b>MD5:</b> 00705d0a2de981bcd603e143e62b2001<br/><b>SHA1:</b> 815b7412fefeb0a27dfc6e250145071f2f1e6ead<br/><b>SHA256:</b>8267c3df279fd9d3c5697fae952443782aa70ea97bfb18b9a4af9b8b1ae934a7</p><h4 id="header190" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content190" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 
id="header191" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content191" class="subsectioncontent standardsubsection hidden"><ul><li>bootstrap-3.3.6.jar: carousel.js.gz: carousel.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/carousel.js.gz/carousel.js</li><li>MD5: 00705d0a2de981bcd603e143e62b2001</li><li>SHA1: 815b7412fefeb0a27dfc6e250145071f2f1e6ead</li><li>SHA256: 8267c3df279fd9d3c5697fae952443782aa70ea97bfb18b9a4af9b8b1ae934a7</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: carousel.js.gz: carousel.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/carousel.js.gz/carousel.js</li><li>MD5: 00705d0a2de981bcd603e143e62b2001</li><li>SHA1: 815b7412fefeb0a27dfc6e250145071f2f1e6ead</li><li>SHA256: 8267c3df279fd9d3c5697fae952443782aa70ea97bfb18b9a4af9b8b1ae934a7</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: carousel.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/carousel.js</li><li>MD5: 00705d0a2de981bcd603e143e62b2001</li><li>SHA1: 815b7412fefeb0a27dfc6e250145071f2f1e6ead</li><li>SHA256: 8267c3df279fd9d3c5697fae952443782aa70ea97bfb18b9a4af9b8b1ae934a7</li></ul></li></ul></div><h4 id="header192" class="subsectionheader white">Identifiers</h4><div id="content192" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l64_bd1e9a435e6623b85c0987b83362d9b5ded17046"></a>bootstrap-3.3.6.jar: collapse.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> 
/home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/collapse.js<br/><b>MD5:</b> 4c0a626e3f4a62146f9a6bae17ac0639<br/><b>SHA1:</b> bd1e9a435e6623b85c0987b83362d9b5ded17046<br/><b>SHA256:</b>7febc2b3ac8b8e30b18df2cb8cbfcef590a2788526a40ec9b039701096354a04</p><h4 id="header193" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content193" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header194" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content194" class="subsectioncontent standardsubsection hidden"><ul><li>bootstrap-3.3.6.jar: collapse.js.gz: collapse.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/collapse.js.gz/collapse.js</li><li>MD5: 4c0a626e3f4a62146f9a6bae17ac0639</li><li>SHA1: bd1e9a435e6623b85c0987b83362d9b5ded17046</li><li>SHA256: 7febc2b3ac8b8e30b18df2cb8cbfcef590a2788526a40ec9b039701096354a04</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: collapse.js.gz: collapse.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/collapse.js.gz/collapse.js</li><li>MD5: 4c0a626e3f4a62146f9a6bae17ac0639</li><li>SHA1: bd1e9a435e6623b85c0987b83362d9b5ded17046</li><li>SHA256: 7febc2b3ac8b8e30b18df2cb8cbfcef590a2788526a40ec9b039701096354a04</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: collapse.js<ul><li>File Path: 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/collapse.js</li><li>MD5: 4c0a626e3f4a62146f9a6bae17ac0639</li><li>SHA1: bd1e9a435e6623b85c0987b83362d9b5ded17046</li><li>SHA256: 7febc2b3ac8b8e30b18df2cb8cbfcef590a2788526a40ec9b039701096354a04</li></ul></li></ul></div><h4 id="header195" class="subsectionheader white">Identifiers</h4><div id="content195" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l65_6541480c4f9f3dd2d6a5467dea62d53a5355d3da"></a>bootstrap-3.3.6.jar: button.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/button.js<br/><b>MD5:</b> f9c1f74c13e3bb7ed1298ce516807966<br/><b>SHA1:</b> 6541480c4f9f3dd2d6a5467dea62d53a5355d3da<br/><b>SHA256:</b>318791b8d45a0840fb365758254c88018813dc074a15816bbc34371e85b16f95</p><h4 id="header196" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content196" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header197" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content197" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: button.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/button.js</li><li>MD5: 
f9c1f74c13e3bb7ed1298ce516807966</li><li>SHA1: 6541480c4f9f3dd2d6a5467dea62d53a5355d3da</li><li>SHA256: 318791b8d45a0840fb365758254c88018813dc074a15816bbc34371e85b16f95</li></ul></li><li>bootstrap-3.3.6.jar: button.js.gz: button.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/button.js.gz/button.js</li><li>MD5: f9c1f74c13e3bb7ed1298ce516807966</li><li>SHA1: 6541480c4f9f3dd2d6a5467dea62d53a5355d3da</li><li>SHA256: 318791b8d45a0840fb365758254c88018813dc074a15816bbc34371e85b16f95</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: button.js.gz: button.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/button.js.gz/button.js</li><li>MD5: f9c1f74c13e3bb7ed1298ce516807966</li><li>SHA1: 6541480c4f9f3dd2d6a5467dea62d53a5355d3da</li><li>SHA256: 318791b8d45a0840fb365758254c88018813dc074a15816bbc34371e85b16f95</li></ul></li></ul></div><h4 id="header198" class="subsectionheader white">Identifiers</h4><div id="content198" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l66_75a8bdb9040581703e34221babea07114c33315a"></a>bootstrap-3.3.6.jar: tab.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tab.js<br/><b>MD5:</b> 451e9d742ed72f9bf5d19a18159130a2<br/><b>SHA1:</b> 75a8bdb9040581703e34221babea07114c33315a<br/><b>SHA256:</b>43e16be52d7c5353c317273b82e5c58d5ab30c85a567deaa0b52dfdc54deec9b</p><h4 id="header199" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content199" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" 
border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header200" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content200" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: bootstrap-3.3.6.jar: tab.js.gz: tab.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tab.js.gz/tab.js</li><li>MD5: 451e9d742ed72f9bf5d19a18159130a2</li><li>SHA1: 75a8bdb9040581703e34221babea07114c33315a</li><li>SHA256: 43e16be52d7c5353c317273b82e5c58d5ab30c85a567deaa0b52dfdc54deec9b</li></ul></li><li>petclinic.war: bootstrap-3.3.6.jar: tab.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tab.js</li><li>MD5: 451e9d742ed72f9bf5d19a18159130a2</li><li>SHA1: 75a8bdb9040581703e34221babea07114c33315a</li><li>SHA256: 43e16be52d7c5353c317273b82e5c58d5ab30c85a567deaa0b52dfdc54deec9b</li></ul></li><li>bootstrap-3.3.6.jar: tab.js.gz: tab.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/bootstrap-3.3.6.jar/META-INF/resources/webjars/bootstrap/3.3.6/js/tab.js.gz/tab.js</li><li>MD5: 451e9d742ed72f9bf5d19a18159130a2</li><li>SHA1: 75a8bdb9040581703e34221babea07114c33315a</li><li>SHA256: 43e16be52d7c5353c317273b82e5c58d5ab30c85a567deaa0b52dfdc54deec9b</li></ul></li></ul></div><h4 id="header201" class="subsectionheader white">Identifiers</h4><div id="content201" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a 
name="l67_4cbaa992fa5509edc74d9543ab5f8f14e20fb197"></a>petclinic.war: spring-boot-starter-tomcat-2.1.1.RELEASE.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Starter for using Tomcat as the embedded servlet container. Default
servlet container starter used by spring-boot-starter-web</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib-provided/spring-boot-starter-tomcat-2.1.1.RELEASE.jar<br/><b>MD5:</b> eecd536892525ee05bfaed21d7792297<br/><b>SHA1:</b> 4cbaa992fa5509edc74d9543ab5f8f14e20fb197<br/><b>SHA256:</b>d4302cf7dda84481e927152a39e079f9dc5dc461c1c9fbc9ecc37aea914c9662</p><h4 id="header202" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content202" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Pivotal Software, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>spring-boot-starters</td><td>Low</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.springframework.boot</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring Boot Tomcat Starter</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>automatic-module-name</td><td>spring.boot.starter.tomcat</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>organization 
url</td><td>https://spring.io</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-tomcat</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-boot-starter-tomcat</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-boot-starter-tomcat</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework.boot</td><td>Highest</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>spring-boot-starter-tomcat</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring Boot Tomcat Starter</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>automatic-module-name</td><td>spring.boot.starter.tomcat</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Pivotal Software, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>spring-boot-starters</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-tomcat</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-boot-starter-tomcat</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>parent-groupid</td><td>org.springframework.boot</td><td>Medium</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-boot-starter-tomcat</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Spring Boot Tomcat Starter</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework.boot</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization 
url</td><td>https://spring.io</td><td>Low</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>2.1.1.RELEASE</td><td>High</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>2.1.1.RELEASE</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.1.RELEASE</td><td>Highest</td></tr></table></div><h4 id="header203" class="subsectionheader white">Identifiers</h4><div id="content203" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.1.1.RELEASE" target="_blank">pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.1.1.RELEASE</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_boot&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_boot%3A2.1.1" target="_blank">cpe:2.3:a:pivotal_software:spring_boot:2.1.1:release:*:*:*:*:*:*</a> (<i>Confidence</i>:High) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('petclinic.war: spring-boot-starter-tomcat-2.1.1.RELEASE.jar', '4cbaa992fa5509edc74d9543ab5f8f14e20fb197', 'pkg:maven\/org.springframework.boot\/spring-boot-starter-tomcat@2.1.1.RELEASE', 'cpe', 'cpe:\/a:pivotal_software:spring_boot')">suppress</button></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l68_5d8b3277df6197cb03233fe407f54012f7166c65"></a>petclinic.war: tomcat-embed-el-9.0.13.jar</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>Core Tomcat implementation</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib-provided/tomcat-embed-el-9.0.13.jar<br/><b>MD5:</b> 
49827264b76db4f8d5051e1dfae45139<br/><b>SHA1:</b> 5d8b3277df6197cb03233fe407f54012f7166c65<br/><b>SHA256:</b>c2e6f59ea9a233e61a4c788b2f51bafa04890463d970e16cc8944eb3015413fa</p><h4 id="header204" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content204" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>dstamp</td><td>20181102</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>tomcat-embed-el</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Apache Software Foundation</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>tomcat-embed-el</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_181-b13 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Apache Software Foundation</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>tstamp</td><td>1427</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>el</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://tomcat.apache.org/</td><td>Highest</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package 
name</td><td>apache</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>today</td><td>November 2 2018</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>dstamp</td><td>20181102</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>tomcat-embed-el</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_181-b13 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>tomcat-embed-el</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>tomcat-embed-el</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>tstamp</td><td>1427</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>el</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Apache Tomcat</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://tomcat.apache.org/</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Apache Tomcat</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>today</td><td>November 2 
2018</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>9.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>9.0.13</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>9.0.13</td><td>High</td></tr></table></div><h4 id="header205" class="subsectionheader white">Identifiers</h4><div id="content205" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.13" target="_blank">pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.13</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l69_20c90a060e1e497e0c1398f59c058279a8ae203d"></a>petclinic.war: tomcat-embed-core-9.0.13.jar</h3><div class="subsectioncontent"><p><b>Description:</b><pre>Core Tomcat implementation</pre></p><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib-provided/tomcat-embed-core-9.0.13.jar<br/><b>MD5:</b> 6701e058265e801b7ca0f1e902fc3656<br/><b>SHA1:</b> 20c90a060e1e497e0c1398f59c058279a8ae203d<br/><b>SHA256:</b>fbd3a243f351bcf25d0c1672df869c1c27028b60aa5b29b4e74f8d1250240ff9</p><h4 id="header206" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content206" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>Manifest</td><td>dstamp</td><td>20181102</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>tomcat</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>Implementation-Vendor</td><td>Apache Software Foundation</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>tomcat-embed-core</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>tomcat-embed-core</td><td>High</td></tr><tr><td>Vendor</td><td>Manifest</td><td>bundle-symbolicname</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Vendor</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_181-b13 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>specification-vendor</td><td>Apache Software Foundation</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>tstamp</td><td>1427</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://tomcat.apache.org/</td><td>Highest</td></tr><tr><td>Vendor</td><td>central</td><td>groupid</td><td>org.apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>apache</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>today</td><td>November 2 2018</td><td>Low</td></tr><tr><td>Vendor</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>tomcat-embed-core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>dstamp</td><td>20181102</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>apache</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package 
name</td><td>tomcat</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>tomcat-embed-core</td><td>High</td></tr><tr><td>Product</td><td>Manifest</td><td>bundle-symbolicname</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>originally-created-by</td><td>1.8.0_181-b13 (Oracle Corporation)</td><td>Low</td></tr><tr><td>Product</td><td>central</td><td>artifactid</td><td>tomcat-embed-core</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>tstamp</td><td>1427</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>specification-title</td><td>Apache Tomcat</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://tomcat.apache.org/</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Bundle-Name</td><td>TOMCAT_9_0_13</td><td>Medium</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>Apache Tomcat</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>apache.tomcat.embed</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>today</td><td>November 2 2018</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>require-capability</td><td>osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>filter</td><td>Highest</td></tr><tr><td>Version</td><td>central</td><td>version</td><td>9.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>9.0.13</td><td>Highest</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>9.0.13</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>9.0.13</td><td>High</td></tr></table></div><h4 id="header207" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content207" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: tomcat-embed-websocket-9.0.13.jar<ul><li>File 
Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib-provided/tomcat-embed-websocket-9.0.13.jar</li><li>MD5: 782f5c69261cc7948744d7d1eb3c5b44</li><li>SHA1: 91833d914b210ee93ad20b45e127e7d15268392d</li><li>SHA256: 7bcf3670d07e79536e9b7e5804f66d18ea52dc904e931cf73c61bf66277b26a0</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.13" target="_blank">pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.13</a></li></ul></li></ul></div><h4 id="header208" class="subsectionheader white">Identifiers</h4><div id="content208" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.13" target="_blank">pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.13</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Atomcat&cpe_version=cpe%3A%2F%3Aapache%3Atomcat%3A9.0.13" target="_blank">cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/tomcat-embed-core@9.0.13', 'cpe', 'cpe:\/a:apache:tomcat')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache_software_foundation&cpe_product=cpe%3A%2F%3Aapache_software_foundation%3Atomcat&cpe_version=cpe%3A%2F%3Aapache_software_foundation%3Atomcat%3A9.0.13" target="_blank">cpe:2.3:a:apache_software_foundation:tomcat:9.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified 
vulnerability identifier" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/tomcat-embed-core@9.0.13', 'cpe', 'cpe:\/a:apache_software_foundation:tomcat')">suppress</button></li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache_tomcat&cpe_product=cpe%3A%2F%3Aapache_tomcat%3Aapache_tomcat&cpe_version=cpe%3A%2F%3Aapache_tomcat%3Aapache_tomcat%3A9.0.13" target="_blank">cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.13:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/tomcat-embed-core@9.0.13', 'cpe', 'cpe:\/a:apache_tomcat:apache_tomcat')">suppress</button></li></ul></div><h4 id="header209" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content209" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0199">CVE-2019-0199</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/tomcat-embed-core@9.0.13', 'cve', 'CVE-2019-0199')">suppress</button></p><p><pre>The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. 
By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.</pre>CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107674">107674</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/43">20191229 [SECURITY] [DSA 4596-1] tomcat8 security update</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190419-0001/">https://security.netapp.com/advisory/ntap-20190419-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.f5.com/csp/article/K17321505">https://support.f5.com/csp/article/K17321505</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4596">DSA-4596</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/">FEDORA-2019-1a3f878d27</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/">FEDORA-2019-d66febb5df</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E">https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" 
href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E">[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E">[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E">[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E">[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 
[29/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/d9370e1a-767d-4435-b255-8533ca890784">[CVE-2019-0199] Uncontrolled Resource Consumption ("Resource Exhaustion")</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3929">RHSA-2019:3929</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3931">RHSA-2019:3931</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html">openSUSE-SU-2019:1673</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html">openSUSE-SU-2019:1723</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html">openSUSE-SU-2019:1808</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" 
onclick="return toggleDisplay(this,'.vs39', 'show all', 'show less');">show all</a>)<ul><li class="vs39"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.14</a></li><li class="vs39">...</li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.37</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.14</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am1">cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am10">cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am11">cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am12">cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am13">cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am14">cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am15">cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am16">cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am17">cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am18">cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am19">cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am2">cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am20">cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am21">cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am3">cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am4">cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am5">cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am6">cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am7">cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am8">cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*</a></li><li class="vs39 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am9">cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0221">CVE-2019-0221</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/tomcat-embed-core@9.0.13', 'cve', 'CVE-2019-0221')">suppress</button></p><p><pre>The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/108545">108545</a></li><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/43">20191229 [SECURITY] [DSA 4596-1] tomcat8 security update</a></li><li>CONFIRM - <a target="_blank" href="https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E">https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190606-0001/">https://security.netapp.com/advisory/ntap-20190606-0001/</a></li><li>CONFIRM - <a target="_blank" 
href="https://support.f5.com/csp/article/K13184144?utm_source=f5support&amp;utm_medium=RSS">https://support.f5.com/csp/article/K13184144?utm_source=f5support&amp;utm_medium=RSS</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4596">DSA-4596</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/">FEDORA-2019-1a3f878d27</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/">FEDORA-2019-d66febb5df</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/50">20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/202003-43">GLSA-202003-43</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/">https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E">[announce] 20200131 Apache Software Foundation Security Report: 2019</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html">[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html">[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/45adc64a-392d-4d7f-8723-9997e4787496">[CVE-2019-0221] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3929">RHSA-2019:3929</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3931">RHSA-2019:3931</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html">openSUSE-SU-2019:1673</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html">openSUSE-SU-2019:1808</a></li><li>UBUNTU - <a target="_blank" 
href="https://usn.ubuntu.com/4128-1/">USN-4128-1</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/4128-2/">USN-4128-2</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs40', 'show all', 'show less');">show all</a>)<ul><li class="vs40"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.17</a></li><li class="vs40">...</li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 7.0.93</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.39</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.17</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am1">cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am10">cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am11">cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am12">cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am13">cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am14">cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am15">cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am16">cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am17">cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am18">cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am19">cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am2">cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am20">cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am21">cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am22">cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am23">cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am24">cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am25">cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am26">cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am27">cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am3">cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am4">cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am5">cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am6">cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am7">cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am8">cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*</a></li><li class="vs40 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am9">cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0232">CVE-2019-0232</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2019-0232')">suppress</button></p><p><pre>When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). 
For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (9.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C</li></ul>CVSSv3:<ul><li>Base Score: HIGH (8.1)</li><li>Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/107906">107906</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190419-0001/">https://security.netapp.com/advisory/ntap-20190419-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784">https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784</a></li><li>CONFIRM - <a target="_blank" href="https://www.synology.com/security/advisory/Synology_SA_19_17">https://www.synology.com/security/advisory/Synology_SA_19_17</a></li><li>FULLDISC - <a target="_blank" href="http://seclists.org/fulldisclosure/2019/May/4">20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232</a></li><li>MISC - <a target="_blank" href="http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html">http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html</a></li><li>MISC - <a target="_blank" 
href="https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/">https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/</a></li><li>MISC - <a target="_blank" href="https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html">https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html</a></li><li>MISC - <a target="_blank" href="https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/">https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MISC - <a target="_blank" href="https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/">https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E">[announce] 20200131 Apache Software Foundation Security Report: 
2019</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E">[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E">[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E">[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E">[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/47df3ef7-7bd3-4ef0-8d09-93e7b60eca74">[CVE-2019-0232] Improper Input Validation</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:1712">RHSA-2019:1712</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs41', 'show all', 'show less');">show all</a>)<ul><li class="vs41"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.17</a></li><li class="vs41">...</li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 7.0.93</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.39</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; 
versions up to (including) 9.0.17</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am1">cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am10">cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am11">cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am12">cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am13">cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am14">cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am15">cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am16">cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am17">cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am18">cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am19">cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am2">cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am20">cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am21">cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am22">cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am23">cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am24">cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am25">cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am26">cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am3">cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am4">cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am5">cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am6">cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am7">cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am8">cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*</a></li><li class="vs41 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am9">cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10072">CVE-2019-10072</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2019-10072')">suppress</button></p><p><pre>The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. 
By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.</pre>CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/108874">108874</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190625-0002/">https://security.netapp.com/advisory/ntap-20190625-0002/</a></li><li>CONFIRM - <a target="_blank" href="https://support.f5.com/csp/article/K17321505">https://support.f5.com/csp/article/K17321505</a></li><li>CONFIRM - <a target="_blank" href="https://www.synology.com/security/advisory/Synology_SA_19_29">https://www.synology.com/security/advisory/Synology_SA_19_29</a></li><li>MISC - <a target="_blank" href="https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E">https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/</a></li><li>OSSINDEX - <a target="_blank" href="https://ossindex.sonatype.org/vuln/ef59a08e-1b98-4380-b189-26c15890c63e">[CVE-2019-10072] Uncontrolled Resource Consumption ("Resource Exhaustion")</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3929">RHSA-2019:3929</a></li><li>REDHAT - <a target="_blank" href="https://access.redhat.com/errata/RHSA-2019:3931">RHSA-2019:3931</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html">openSUSE-SU-2020:0038</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/4128-1/">USN-4128-1</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/4128-2/">USN-4128-2</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs42', 'show all', 'show less');">show all</a>)<ul><li class="vs42"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.19</a></li><li class="vs42">...</li><li class="vs42 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.40</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1; versions up to (including) 9.0.19</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am1">cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am10">cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am11">cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am12">cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am13">cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am14">cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am15">cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am16">cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am17">cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am18">cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am19">cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am2">cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am20">cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am21">cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am22">cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am23">cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am24">cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am25">cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am26">cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am27">cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am3">cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am4">cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am5">cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am6">cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am7">cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am8">cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*</a></li><li class="vs42 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Am9">cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12418">CVE-2019-12418</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2019-12418')">suppress</button></p><p><pre>When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. 
The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.</pre>CWE-522 Insufficiently Protected Credentials<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.4)</li><li>Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.0)</li><li>Vector: /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/43">20191229 [SECURITY] [DSA 4596-1] tomcat8 security update</a></li><li>CONFIRM - <a target="_blank" href="https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E">https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20200107-0001/">https://security.netapp.com/advisory/ntap-20200107-0001/</a></li><li>CONFIRM - <a target="_blank" href="https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp;utm_medium=RSS">https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp;utm_medium=RSS</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4596">DSA-4596</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/202003-43">GLSA-202003-43</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html">[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html">[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 
20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html">openSUSE-SU-2020:0038</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/4251-1/">USN-4251-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs43', 'show all', 'show less');">show all</a>)<ul><li class="vs43"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.28</a></li><li class="vs43">...</li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 
7.0.97</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.47</a></li><li class="vs43 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.28</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17563">CVE-2019-17563</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2019-17563')">suppress</button></p><p><pre>When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. 
The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.</pre>CWE-384 Session Fixation<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.1)</li><li>Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>BUGTRAQ - <a target="_blank" href="https://seclists.org/bugtraq/2019/Dec/43">20191229 [SECURITY] [DSA 4596-1] tomcat8 security update</a></li><li>CONFIRM - <a target="_blank" href="https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E">https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20200107-0001/">https://security.netapp.com/advisory/ntap-20200107-0001/</a></li><li>DEBIAN - <a target="_blank" href="https://www.debian.org/security/2019/dsa-4596">DSA-4596</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/202003-43">GLSA-202003-43</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html">[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html">openSUSE-SU-2020:0038</a></li><li>UBUNTU - <a target="_blank" href="https://usn.ubuntu.com/4251-1/">USN-4251-1</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs44', 'show all', 'show less');">show all</a>)<ul><li class="vs44"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.29</a></li><li class="vs44">...</li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 7.0.98</a></li><li class="vs44 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.49</a></li><li class="vs44 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.29</a></li></ul></p><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1935">CVE-2020-1935</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2020-1935')">suppress</button></p><p><pre>In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. 
Such a reverse proxy is considered unlikely.</pre>CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (5.8)</li><li>Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (4.8)</li><li>Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</li></ul><br/>References:<ul><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html">[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E">[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities</a></li><li>SUSE - <a target="_blank" href="http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html">openSUSE-SU-2020:0345</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs45', 'show all', 'show less');">show all</a>)<ul><li class="vs45"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.30</a></li><li 
class="vs45">...</li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 7.0.99</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.50</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.30</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3A-">cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone1">cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone10">cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone11">cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone12">cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone13">cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone14">cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone15">cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone16">cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone17">cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone18">cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone19">cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone2">cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone20">cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone21">cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone22">cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone23">cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone24">cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone25">cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone26">cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" 
href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone27">cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone3">cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone4">cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone5">cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone6">cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone7">cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone8">cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*</a></li><li class="vs45 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat%3A9.0.0%3Amilestone9">cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*</a></li></ul></p><p><b><a target="_blank" 
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1938">CVE-2020-1938</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: tomcat-embed-core-9.0.13.jar', '20c90a060e1e497e0c1398f59c058279a8ae203d', 'pkg:maven\/org.apache.tomcat.embed\/[email protected]', 'cve', 'CVE-2020-1938')">suppress</button></p><p><pre>When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. 
It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.</pre>CWE-20 Improper Input Validation<br/><br/>CVSSv2:<ul><li>Base Score: HIGH (7.5)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P</li></ul>CVSSv3:<ul><li>Base Score: CRITICAL (9.8)</li><li>Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</li></ul><br/>References:<ul><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20200226-0002/">https://security.netapp.com/advisory/ntap-20200226-0002/</a></li><li>GENTOO - <a target="_blank" href="https://security.gentoo.org/glsa/202003-43">GLSA-202003-43</a></li><li>MLIST - <a target="_blank" href="https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html">[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E">[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E">[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 
(CVE-2020-1938)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E">[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E">[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E">[tomcat-dev] 20200309 [Bug 64206] Answer file not being used</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution</a></li><li>MLIST - <a target="_blank" 
href="https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200304 Re: Fix for CVE-2020-1938</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200310 Aw: Re: Re: Fix for 
CVE-2020-1938</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E">[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E">[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E">[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1</a></li><li>SUSE - <a target="_blank" 
href="http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html">openSUSE-SU-2020:0345</a></li></ul></p><p>Vulnerable Software & Versions: (<a href="#" onclick="return toggleDisplay(this,'.vs46', 'show all', 'show less');">show all</a>)<ul><li class="vs46"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.30</a></li><li class="vs46">...</li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0; versions up to (including) 7.0.99</a></li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (including) 8.5.50</a></li><li class="vs46 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Atomcat">cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0; versions up to (including) 9.0.30</a></li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l70_3a738b513c9a2491d82d5522a20b497c574cd949"></a>ehcache-3.6.2.jar: sizeof-agent.jar</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/org/ehcache/sizeof/impl/sizeof-agent.jar<br/><b>MD5:</b> 035c34dc10dc867209b997e2e1e36a99<br/><b>SHA1:</b> 3a738b513c9a2491d82d5522a20b497c574cd949<br/><b>SHA256:</b>2fcea1e144d53f7501ebeb8dd83ed500c2f31095183bf8971c244f1e5a7420b2</p><h4 id="header210" 
class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content210" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ehcache</td><td>Low</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>impl</td><td>Low</td></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>sizeof-agent</td><td>High</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>sizeof</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>sizeofagent</td><td>Low</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>impl</td><td>Low</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>sizeof-agent</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>sizeof</td><td>Low</td></tr></table></div><h4 id="header211" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content211" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: ehcache-3.6.2.jar: sizeof-agent.jar<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/ehcache-3.6.2.jar/org/ehcache/sizeof/impl/sizeof-agent.jar</li><li>MD5: 035c34dc10dc867209b997e2e1e36a99</li><li>SHA1: 3a738b513c9a2491d82d5522a20b497c574cd949</li><li>SHA256: 2fcea1e144d53f7501ebeb8dd83ed500c2f31095183bf8971c244f1e5a7420b2</li></ul></li></ul></div><h4 id="header212" class="subsectionheader white">Identifiers</h4><div id="content212" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a 
name="l71_d18dc733350ad3549af2df096599e824c10f777e"></a>jquery-2.2.4.jar: webjars-requirejs.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-2.2.4.jar/META-INF/resources/webjars/jquery/2.2.4/webjars-requirejs.js<br/><b>MD5:</b> 30e1a7f167b667001f50e32ea87bf7b5<br/><b>SHA1:</b> d18dc733350ad3549af2df096599e824c10f777e<br/><b>SHA256:</b>daca7b23bc4d8302a8961373b92b78d36d5c85d730fc14130e29d55d976aa420</p><h4 id="header213" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content213" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header214" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content214" class="subsectioncontent standardsubsection hidden"><ul><li>petclinic.war: jquery-2.2.4.jar: webjars-requirejs.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-2.2.4.jar/META-INF/resources/webjars/jquery/2.2.4/webjars-requirejs.js</li><li>MD5: 30e1a7f167b667001f50e32ea87bf7b5</li><li>SHA1: d18dc733350ad3549af2df096599e824c10f777e</li><li>SHA256: daca7b23bc4d8302a8961373b92b78d36d5c85d730fc14130e29d55d976aa420</li></ul></li></ul></div><h4 id="header215" class="subsectionheader white">Identifiers</h4><div id="content215" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection"><a name="l72_7f650ee30c6a4d3eea04032039b20ff72997559b"></a>petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.min.js</h3><div class="subsectioncontent"><p><b>File Path:</b> 
/home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/jquery-ui.min.js<br/><b>MD5:</b> d935d506ae9c8dd9e0f96706fbb91f65<br/><b>SHA1:</b> 7f650ee30c6a4d3eea04032039b20ff72997559b<br/><b>SHA256:</b>c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c</p><h4 id="header216" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content216" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jquery-ui-dialog</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jquery-ui-dialog</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.11.4</td><td>High</td></tr></table></div><h4 id="header217" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content217" class="subsectioncontent standardsubsection hidden"><ul><li>jquery-ui-1.11.4.jar: jquery-ui.min.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/jquery-ui.min.js</li><li>MD5: d935d506ae9c8dd9e0f96706fbb91f65</li><li>SHA1: 7f650ee30c6a4d3eea04032039b20ff72997559b</li><li>SHA256: c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c</li></ul></li></ul></div><h4 id="header218" class="subsectionheader white">Identifiers</h4><div id="content218" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:javascript/jquery-ui-dialog@1.11.4" target="_blank">pkg:javascript/jquery-ui-dialog@1.11.4</a> 
(<i>Confidence</i>:Highest)</li></ul></div><h4 id="header219" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content219" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103">CVE-2016-7103</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.min.js', '7f650ee30c6a4d3eea04032039b20ff72997559b', 'pkg:javascript\/jquery-ui-dialog@1.11.4', 'cve', 'CVE-2016-7103')">suppress</button></p><p><pre>Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/104823">104823</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/jquery/api.jqueryui.com/issues/281">https://github.com/jquery/api.jqueryui.com/issues/281</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6">https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6</a></li><li>CONFIRM - <a target="_blank" href="https://jqueryui.com/changelog/1.12.0/">https://jqueryui.com/changelog/1.12.0/</a></li><li>CONFIRM - <a target="_blank" 
href="https://security.netapp.com/advisory/ntap-20190416-0007/">https://security.netapp.com/advisory/ntap-20190416-0007/</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-19">https://www.tenable.com/security/tns-2016-19</a></li><li>FEDORA - <a target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/">FEDORA-2019-a96124345a</a></li><li>MISC - <a target="_blank" href="https://nodesecurity.io/advisories/127">https://nodesecurity.io/advisories/127</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security 
vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E">[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2932.html">RHSA-2016:2932</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2933.html">RHSA-2016:2933</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2017-0161.html">RHSA-2017:0161</a></li><li>info - <a target="_blank" href="https://github.com/jquery/api.jqueryui.com/issues/281">https://github.com/jquery/api.jqueryui.com/issues/281</a></li><li>info - <a target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2016-7103">https://nvd.nist.gov/vuln/detail/CVE-2016-7103</a></li><li>info - <a target="_blank" href="https://snyk.io/vuln/npm:jquery-ui:20160721">https://snyk.io/vuln/npm:jquery-ui:20160721</a></li></ul></p><p>Vulnerable Software & Versions (NVD):<ul><li class="vs47">cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0</li></ul></p></div></div><h3 class="subsectionheader standardsubsection"><a name="l73_3efaf11e60ea8c541b6dc26f0ef09f195732587a"></a>petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.js</h3><div class="subsectioncontent"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/jquery-ui.js<br/><b>MD5:</b> 04a4db2983450a2970c459ba87b4210a<br/><b>SHA1:</b> 
3efaf11e60ea8c541b6dc26f0ef09f195732587a<br/><b>SHA256:</b>0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612</p><h4 id="header220" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content220" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>jquery-ui-dialog</td><td>High</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>jquery-ui-dialog</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.11.4</td><td>High</td></tr></table></div><h4 id="header221" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content221" class="subsectioncontent standardsubsection hidden"><ul><li>jquery-ui-1.11.4.jar: jquery-ui.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/jquery-ui.js</li><li>MD5: 04a4db2983450a2970c459ba87b4210a</li><li>SHA1: 3efaf11e60ea8c541b6dc26f0ef09f195732587a</li><li>SHA256: 0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612</li></ul></li></ul></div><h4 id="header222" class="subsectionheader white">Identifiers</h4><div id="content222" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:javascript/jquery-ui-dialog@1.11.4" target="_blank">pkg:javascript/jquery-ui-dialog@1.11.4</a> (<i>Confidence</i>:Highest)</li></ul></div><h4 id="header223" class="subsectionheader expandable collaspablesubsection white">Published Vulnerabilities</h4><div id="content223" class="subsectioncontent standardsubsection"><p><b><a target="_blank" 
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103">CVE-2016-7103</a></b> <button class="copybutton" title="Generate Suppression XML for this CCE for this file" onclick="copyText('petclinic.war: jquery-ui-1.11.4.jar: jquery-ui.js', '3efaf11e60ea8c541b6dc26f0ef09f195732587a', 'pkg:javascript\/jquery-ui-dialog@1.11.4', 'cve', 'CVE-2016-7103')">suppress</button></p><p><pre>Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.</pre>CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br/><br/>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N</li></ul>CVSSv3:<ul><li>Base Score: MEDIUM (6.1)</li><li>Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</li></ul><br/>References:<ul><li>BID - <a target="_blank" href="http://www.securityfocus.com/bid/104823">104823</a></li><li>CONFIRM - <a target="_blank" href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/jquery/api.jqueryui.com/issues/281">https://github.com/jquery/api.jqueryui.com/issues/281</a></li><li>CONFIRM - <a target="_blank" href="https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6">https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6</a></li><li>CONFIRM - <a target="_blank" href="https://jqueryui.com/changelog/1.12.0/">https://jqueryui.com/changelog/1.12.0/</a></li><li>CONFIRM - <a target="_blank" href="https://security.netapp.com/advisory/ntap-20190416-0007/">https://security.netapp.com/advisory/ntap-20190416-0007/</a></li><li>CONFIRM - <a target="_blank" href="https://www.tenable.com/security/tns-2016-19">https://www.tenable.com/security/tns-2016-19</a></li><li>FEDORA - <a 
target="_blank" href="https://lists.fedoraproject.org/archives/list/[email protected]/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/">FEDORA-2019-a96124345a</a></li><li>MISC - <a target="_blank" href="https://nodesecurity.io/advisories/127">https://nodesecurity.io/advisories/127</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html</a></li><li>MISC - <a target="_blank" href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html">https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E">[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E">[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E">[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E">[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - 
Black Duck Scan - Pulsar v.2.3.1</a></li><li>MLIST - <a target="_blank" href="https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E">[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2932.html">RHSA-2016:2932</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2016-2933.html">RHSA-2016:2933</a></li><li>REDHAT - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2017-0161.html">RHSA-2017:0161</a></li><li>info - <a target="_blank" href="https://github.com/jquery/api.jqueryui.com/issues/281">https://github.com/jquery/api.jqueryui.com/issues/281</a></li><li>info - <a target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2016-7103">https://nvd.nist.gov/vuln/detail/CVE-2016-7103</a></li><li>info - <a target="_blank" href="https://snyk.io/vuln/npm:jquery-ui:20160721">https://snyk.io/vuln/npm:jquery-ui:20160721</a></li></ul></p><p>Vulnerable Software & Versions (NVD):<ul><li class="vs48">cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0</li></ul></p></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l74_03056311ea772e4b7b09a70f108cb2733ae13766"></a>petclinic.war: jquery-ui-1.11.4.jar: webjars-requirejs.js</h3><div class="subsectioncontent notvulnerable"><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/webjars-requirejs.js<br/><b>MD5:</b> 2b45f24ce91f8c0d5c764e705b1eed88<br/><b>SHA1:</b> 03056311ea772e4b7b09a70f108cb2733ae13766<br/><b>SHA256:</b>a0f18ed7e4b55b53dcf2752e99573c9f7363fd4ba7d98f14a65c36cf34fe1ec3</p><h4 id="header224" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content224" class="subsectioncontent 
standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr></table></div><h4 id="header225" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4><div id="content225" class="subsectioncontent standardsubsection hidden"><ul><li>jquery-ui-1.11.4.jar: webjars-requirejs.js<ul><li>File Path: /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/jquery-ui-1.11.4.jar/META-INF/resources/webjars/jquery-ui/1.11.4/webjars-requirejs.js</li><li>MD5: 2b45f24ce91f8c0d5c764e705b1eed88</li><li>SHA1: 03056311ea772e4b7b09a70f108cb2733ae13766</li><li>SHA256: a0f18ed7e4b55b53dcf2752e99573c9f7363fd4ba7d98f14a65c36cf34fe1ec3</li></ul></li></ul></div><h4 id="header226" class="subsectionheader white">Identifiers</h4><div id="content226" class="subsectioncontent standardsubsection"><ul><li><b>None</b></li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l75_996d3b4a71cee5cb1f65dd54a4b51c7eb98ceb10"></a>petclinic.war (shaded: org.springframework.samples:spring-petclinic:2.1.0.BUILD-SNAPSHOT)</h3><div class="subsectioncontent notvulnerable"><p><b>License:</b><pre class="indent">Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic.war/META-INF/maven/org.springframework.samples/spring-petclinic/pom.xml<br/><b>MD5:</b> 96707eadeb4e9bef93af4ccc1b776cf8<br/><b>SHA1:</b> 996d3b4a71cee5cb1f65dd54a4b51c7eb98ceb10<br/><b>SHA256:</b>efb7ec3a57b9f8e443760f0cce9b6dbb25136bd87bfa210b93f29efbb3442b5a</p><h4 id="header227" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content227" class="subsectioncontent standardsubsection 
hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-petclinic</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>springframework.samples</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>petclinic</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>springframework.samples</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-petclinic</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>petclinic</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1.0.BUILD-SNAPSHOT</td><td>Highest</td></tr></table></div><h4 id="header228" class="subsectionheader white">Identifiers</h4><div id="content228" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.samples/spring-petclinic@2.1.0.BUILD-SNAPSHOT" target="_blank">pkg:maven/org.springframework.samples/spring-petclinic@2.1.0.BUILD-SNAPSHOT</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l76_579fb15b4b599be1a071a5a23dff8612a371b232"></a>ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-107:3.6.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The JSR-107 compatibility module of Ehcache 3</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml<br/><b>MD5:</b> 
15a04a5fd4332453d50e48add34d9c87<br/><b>SHA1:</b> 579fb15b4b599be1a071a5a23dff8612a371b232<br/><b>SHA256:</b>eae27142f3e7567fc1ddd81fa27b8556148cea5fa18ffde3c17a5bf9f0ac1e59</p><h4 id="header229" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content229" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache 3 JSR-107 module</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache-107</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache 3 JSR-107 module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache-107</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr></table></div><h4 id="header230" 
class="subsectionheader white">Identifiers</h4><div id="content230" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-107@3.6.2" target="_blank">pkg:maven/org.ehcache.modules/ehcache-107@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l77_6c18de71efb3b05a517ac6ed06acaaa6c971b972"></a>ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-api:3.6.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The API module of Ehcache 3</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml<br/><b>MD5:</b> 80c3ba086fc0b37a862ca50445531200<br/><b>SHA1:</b> 6c18de71efb3b05a517ac6ed06acaaa6c971b972<br/><b>SHA256:</b>938ca9eec6f79ebe837566e2ebd6e2d6f54e217e09004282f423494b3dc1e12b</p><h4 id="header231" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content231" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache-api</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, 
Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache 3 API module</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache-api</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache 3 API module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr></table></div><h4 id="header232" class="subsectionheader white">Identifiers</h4><div id="content232" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-api@3.6.2" target="_blank">pkg:maven/org.ehcache.modules/ehcache-api@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l78_e2486b29b3612da56f1ff7a0f9f7717e41876492"></a>ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-core:3.6.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The Core module of Ehcache 3</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml<br/><b>MD5:</b> c0af8f4bda4de4ede8de20a59319dcc0<br/><b>SHA1:</b> 
e2486b29b3612da56f1ff7a0f9f7717e41876492<br/><b>SHA256:</b>624884eb99fc6bbf2a82358ad96c3673f45c13d1765e750256206b6fa4d373e1</p><h4 id="header233" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content233" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache-core</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache 3 Core module</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache 3 Core module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache-core</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr></table></div><h4 id="header234" class="subsectionheader white">Identifiers</h4><div 
id="content234" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-core@3.6.2" target="_blank">pkg:maven/org.ehcache.modules/ehcache-core@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l79_366666b71c0c595d15e5a45449a38d1f3019d326"></a>ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-impl:3.6.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The implementation module of Ehcache 3</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml<br/><b>MD5:</b> 8d0e0fe4ba05f0002c03b6ddf3ab595e<br/><b>SHA1:</b> 366666b71c0c595d15e5a45449a38d1f3019d326<br/><b>SHA256:</b>2549c39f1b44810d8d430b904809300b14210e6bbe037452a1ddddc3654be7ff</p><h4 id="header235" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content235" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache 3 Implementation module</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache-impl</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., 
a wholly-owned subsidiary of Software AG USA, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache 3 Implementation module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache-impl</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr></table></div><h4 id="header236" class="subsectionheader white">Identifiers</h4><div id="content236" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-impl@3.6.2" target="_blank">pkg:maven/org.ehcache.modules/ehcache-impl@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l80_307ac3366a1efda998f8a57827980f42086cc093"></a>ehcache-3.6.2.jar (shaded: org.ehcache.modules:ehcache-xml:3.6.2)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>The module containing all XML parsing logic Ehcache 3</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml<br/><b>MD5:</b> 1aa1885df02266fd9db6e7e5f02e234e<br/><b>SHA1:</b> 
307ac3366a1efda998f8a57827980f42086cc093<br/><b>SHA256:</b>8f22b844a04ae9e4ec58cbf0d7994e009d2887969d7a83d00b77904948986372</p><h4 id="header237" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content237" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>ehcache-xml</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache 3 XML Parsing module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache.modules</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>ehcache-xml</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache 3 XML Parsing module</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>http://ehcache.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.6.2</td><td>Highest</td></tr></table></div><h4 id="header238" class="subsectionheader 
white">Identifiers</h4><div id="content238" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-xml@3.6.2" target="_blank">pkg:maven/org.ehcache.modules/ehcache-xml@3.6.2</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l81_18d4a015c7463bbec8d68a1698cf705b71cc934d"></a>ehcache-3.6.2.jar (shaded: org.ehcache:sizeof:0.3.0)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>SizeOf engine, extracted from Ehcache</pre></p><p><b>License:</b><pre class="indent">The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.ehcache/sizeof/pom.xml<br/><b>MD5:</b> 588370e0f47ff5c821dfb86a758404e7<br/><b>SHA1:</b> 18d4a015c7463bbec8d68a1698cf705b71cc934d<br/><b>SHA256:</b>7900c3e04b8ed68d03f068b69fee12ca3ed649a0d3d52989d7914a44454ed6ff</p><h4 id="header239" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content239" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>Terracotta</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>ehcache/sizeof</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>organization 
url</td><td>http://terracotta.org</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>sizeof</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>ehcache</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Ehcache SizeOf Engine</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>ehcache/sizeof</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>Terracotta</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>http://terracotta.org</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>ehcache</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>sizeof</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Ehcache SizeOf Engine</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>0.3.0</td><td>Highest</td></tr></table></div><h4 id="header240" class="subsectionheader white">Identifiers</h4><div id="content240" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/sizeof@0.3.0" target="_blank">pkg:maven/org.ehcache/sizeof@0.3.0</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l82_6b13d65d75adbd135491d1ac49209caf9f1a7011"></a>ehcache-3.6.2.jar (shaded: org.terracotta:offheap-store:2.4.0)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A library that offers data structures allocated off the java heap.</pre></p><p><b>License:</b><pre class="indent">The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml<br/><b>MD5:</b> c65ff37b9dcad535613a70eafe371086<br/><b>SHA1:</b> 
6b13d65d75adbd135491d1ac49209caf9f1a7011<br/><b>SHA256:</b>a34f215fd0c4cf3abb671d9ca34cde8de96f81e8067622c4c527558c65589ff4</p><h4 id="header241" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content241" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Terracotta Off-Heap Store</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>offheap-store</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>terracotta</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>Terracotta-OSS/offheap-store/</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Terracotta Off-Heap Store</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>offheap-store</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>terracotta</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>Terracotta-OSS/offheap-store/</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.4.0</td><td>Highest</td></tr></table></div><h4 id="header242" class="subsectionheader white">Identifiers</h4><div id="content242" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/offheap-store@2.4.0" target="_blank">pkg:maven/org.terracotta/offheap-store@2.4.0</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l83_56e7b6d8a273bd82f2d7066b7063de656763f2b7"></a>ehcache-3.6.2.jar (shaded: org.terracotta:statistics:2.1)</h3><div class="subsectioncontent 
notvulnerable"><p><b>Description:</b><pre>A statistics framework used inside Ehcache and the Terracotta products</pre></p><p><b>License:</b><pre class="indent">The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/ehcache-3.6.2.jar/META-INF/maven/org.terracotta/statistics/pom.xml<br/><b>MD5:</b> c2e7d02d7e332392956c557deed20543<br/><b>SHA1:</b> 56e7b6d8a273bd82f2d7066b7063de656763f2b7<br/><b>SHA256:</b>c97d57efb3ac671e65a39fc2109e354ef5ea665a1a6490491e5a348e0dbf1ebb</p><h4 id="header243" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content243" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Terracotta Statistics</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>terracotta</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>Terracotta-OSS/statistics</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>statistics</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Terracotta Statistics</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>terracotta</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>statistics</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>Terracotta-OSS/statistics</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>2.1</td><td>Highest</td></tr></table></div><h4 id="header244" class="subsectionheader white">Identifiers</h4><div id="content244" class="subsectioncontent 
standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/statistics@2.1" target="_blank">pkg:maven/org.terracotta/statistics@2.1</a> (<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l84_fa363fecfc18a58e5fab569f8f45ce0268f6fac0"></a>byte-buddy-1.9.5.jar (shaded: net.bytebuddy:byte-buddy-dep:1.9.5)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with a remaining dependency onto ASM.
You should never depend on this module without repackaging Byte Buddy and ASM into your own namespace.
</pre></p><p><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/byte-buddy-1.9.5.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xml<br/><b>MD5:</b> 456c34667f58c6ee3c8efab064975519<br/><b>SHA1:</b> fa363fecfc18a58e5fab569f8f45ce0268f6fac0<br/><b>SHA256:</b>97bd42c71cb60d89ab81d7aea882f5b96659b0861baa1a6dcd397f4c402722e2</p><h4 id="header245" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content245" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>net.bytebuddy</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>byte-buddy-dep</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>parent-artifactid</td><td>byte-buddy-parent</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Byte Buddy (with dependencies)</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>parent-artifactid</td><td>byte-buddy-parent</td><td>Medium</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>net.bytebuddy</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Byte Buddy (with dependencies)</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>byte-buddy-dep</td><td>Highest</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.9.5</td><td>Highest</td></tr></table></div><h4 id="header246" class="subsectionheader white">Identifiers</h4><div id="content246" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/byte-buddy-dep@1.9.5" target="_blank">pkg:maven/net.bytebuddy/byte-buddy-dep@1.9.5</a> 
(<i>Confidence</i>:High)</li></ul></div></div><h3 class="subsectionheader standardsubsection notvulnerable"><a name="l85_312cf913d2d027395cf9cb15a46af2e763e876c6"></a>micrometer-core-1.1.1.jar (shaded: org.pcollections:pcollections:3.0.3)</h3><div class="subsectioncontent notvulnerable"><p><b>Description:</b><pre>A Persistent Java Collections Library</pre></p><p><b>License:</b><pre class="indent">The MIT License: https://opensource.org/licenses/mit-license.php</pre><b>File Path:</b> /home/vagrant/devsecops/spring-petclinic/target/petclinic/WEB-INF/lib/micrometer-core-1.1.1.jar/META-INF/maven/org.pcollections/pcollections/pom.xml<br/><b>MD5:</b> 35ba5e5a8572be83189294f2607ee97b<br/><b>SHA1:</b> 312cf913d2d027395cf9cb15a46af2e763e876c6<br/><b>SHA256:</b>dbd55a6571ebc17f31e4ba012d35aae6d6384d35287e12cb69a02a5597547a42</p><h4 id="header247" class="subsectionheader expandable expandablesubsection white">Evidence</h4><div id="content247" class="subsectioncontent standardsubsection hidden"><table class="lined fullwidth" border="0"><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" 
style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>pcollections</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>PCollections</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>https://pcollections.org</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>pcollections</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>PCollections</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>pcollections</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>pcollections</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>https://pcollections.org</td><td>Medium</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>3.0.3</td><td>Highest</td></tr></table></div><h4 id="header248" class="subsectionheader white">Identifiers</h4><div id="content248" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.pcollections/pcollections@3.0.3" target="_blank">pkg:maven/org.pcollections/pcollections@3.0.3</a> (<i>Confidence</i>:High)</li></ul></div></div></div></div><div><br/><br/>This report contains data retrieved from the <a href="https://nvd.nist.gov">National Vulnerability Database</a>.<br/>This report may contain data retrieved from the <a href="https://www.npmjs.com/advisories">NPM Public Advisories</a>.<br/>This report may contain data retrieved from <a href="https://retirejs.github.io/retire.js/">RetireJS</a>.<br/>This report may contain data retrieved from the <a href="https://ossindex.sonatype.org">Sonatype OSS Index</a>.</div></body></html>