src.test.resources.dependency-check-report-several.json Maven / Gradle / Ivy
{
"reportSchema": "1.1",
"scanInfo": {
"engineVersion": "9.0.6",
"dataSource": [
{
"name": "NVD API Last Checked",
"timestamp": "2024-01-02T09:24:53+01"
},
{
"name": "NVD API Last Modified",
"timestamp": "2024-01-02T08:15:10Z"
}
]
},
"projectInfo": {
"name": "root project 'toolarium-common'",
"groupID": "com.github.toolarium",
"artifactID": "toolarium-common",
"version": "0.4.1-SNAPSHOT",
"reportDate": "2024-01-02T08:28:48.258279700Z",
"credits": {
"NVD": "This product uses the NVD API but is not endorsed or certified by the NVD. This report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov",
"CISA": "This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"NPM": "This report may contain data retrieved from the Github Advisory Database (via NPM Audit API): https://github.com/advisories/",
"RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/",
"OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org"
}
},
"dependencies": [
{
"isVirtual": false,
"fileName": "jackson-annotations-2.13.2.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-annotations\\2.13.2\\ec18851f1976d5b810ae1a5fcc32520d2d38f77a\\jackson-annotations-2.13.2.jar",
"md5": "2352a291fc39d23cfe5c100728de1ea7",
"sha1": "ec18851f1976d5b810ae1a5fcc32520d2d38f77a",
"sha256": "7d3df5aafa2dc61ad1dbad30f411548c0184ed92d94628c63168721f08237cd4",
"description": "Core annotations used for value types, used by Jackson data binding package.\n ",
"license": "The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:compileClasspath",
"toolarium-common:runtimeClasspath"
],
"includedBy": [
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
},
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://github.com/FasterXML/jackson"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-annotations"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-06 19:20:24+0000"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-annotations"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-parent"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "http://github.com/FasterXML/jackson"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://github.com/FasterXML/jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-annotations"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-06 19:20:24+0000"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-parent"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "url",
"value": "http://github.com/FasterXML/jackson"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "LOW",
"source": "pom",
"name": "parent-version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.13.2"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.2:*:*:*:*:*:*:*",
"confidence": "LOW"
}
]
},
{
"isVirtual": false,
"fileName": "jackson-annotations-2.15.3.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-annotations\\2.15.3\\79baf4e605eb3bbb60b1c475d44a7aecceea1d60\\jackson-annotations-2.15.3.jar",
"md5": "f478f693731e4a2f0f0d3c7bba119b32",
"sha1": "79baf4e605eb3bbb60b1c475d44a7aecceea1d60",
"sha256": "aae865c3d88256d61b11523cb1e88bd48d5b9ad5855fa1fc859504fd2204708a",
"description": "Core annotations used for value types, used by Jackson data binding package.\n ",
"license": "The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:annotationProcessor"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-annotations"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-parent"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-annotations"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-annotations"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-annotations"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-parent"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "LOW",
"source": "pom",
"name": "parent-version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.15.3"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.3:*:*:*:*:*:*:*",
"confidence": "LOW"
}
]
},
{
"isVirtual": false,
"fileName": "jackson-core-2.13.2.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-core\\2.13.2\\a6a0e0620d51833feffc67bccb51937b2345763\\jackson-core-2.13.2.jar",
"md5": "c56433d75479665998ccbd50678480fa",
"sha1": "0a6a0e0620d51833feffc67bccb51937b2345763",
"sha256": "9bfa278ad05179fb68087851caf607652702ca25424bec8358a3716e751405c8",
"description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON",
"license": "The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:compileClasspath",
"toolarium-common:runtimeClasspath"
],
"includedBy": [
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
},
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "base"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "json"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-core"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-06 19:27:27+0000"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson-core"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "base"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "json"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-core"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-06 19:27:27+0000"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson-core"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.13.2"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.13.2"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.2:*:*:*:*:*:*:*",
"confidence": "LOW"
}
]
},
{
"isVirtual": false,
"fileName": "jackson-core-2.15.3.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-core\\2.15.3\\60d600567c1862840397bf9ff5a92398edc5797b\\jackson-core-2.15.3.jar",
"md5": "c86c75392bf138d54d2a219bb1d0cbcd",
"sha1": "60d600567c1862840397bf9ff5a92398edc5797b",
"sha256": "51fab7aad51ed588482edc507fd542747936c5094d1ab76ed21ddb63b96b610d",
"description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON",
"license": "The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:annotationProcessor"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "base"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "com"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "json"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-core"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson-core"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "base"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "com"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "json"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson-core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson-core"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.15.3"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.3:*:*:*:*:*:*:*",
"confidence": "LOW"
}
]
},
{
"isVirtual": false,
"fileName": "jackson-databind-2.13.2.1.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-databind\\2.13.2.1\\919754c0de3c2f22187e07318da1766f7583b5f7\\jackson-databind-2.13.2.1.jar",
"md5": "b66a191219300cdb6113af6a6360326d",
"sha1": "919754c0de3c2f22187e07318da1766f7583b5f7",
"sha256": "33ef5309aeeebd45e87beca7e576f59a4fea2c03ef993dd522a92d8fc3e35fff",
"description": "General data-binding functionality for Jackson: works on core streaming API",
"license": "The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:compileClasspath",
"toolarium-common:runtimeClasspath"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
},
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
},
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
},
{
"reference": "pkg:maven/com.fasterxml.jackson.core/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://github.com/FasterXML/jackson"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-databind"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-25 02:38:28+0000"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "http://github.com/FasterXML/jackson"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://github.com/FasterXML/jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-databind"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "implementation-build-date",
"value": "2022-03-25 02:38:28+0000"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "url",
"value": "http://github.com/FasterXML/jackson"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.13.2.1"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.13.2.1"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.13.2.1"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.13.2.1"
},
{
"type": "version",
"confidence": "LOW",
"source": "pom",
"name": "parent-version",
"value": "2.13.2.1"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.13.2.1"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-databind:2.13.2.1:*:*:*:*:*:*:*",
"confidence": "HIGHEST",
"url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.13.2.1"
}
],
"vulnerabilities": [
{
"source": "NVD",
"name": "CVE-2022-42003",
"severity": "HIGH",
"cvssv3": {
"baseScore": 7.5,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"exploitabilityScore": "3.9",
"impactScore": "3.6",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
"notes": "",
"references": [
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42003",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42003"
},
{
"source": "OSSIndex",
"url": "https://github.com/FasterXML/jackson-databind/issues/3590",
"name": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2022-42003?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2022-42003] CWE-502: Deserialization of Untrusted Data"
},
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.gentoo.org/glsa/202210-21",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/issues/3590",
"name": "EXPLOIT,ISSUE_TRACKING,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.debian.org/security/2022/dsa-5283",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020",
"name": "EXPLOIT,ISSUE_TRACKING,MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.7.1"
}
},
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "2.13.0",
"versionEndExcluding": "2.13.4.1"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.3"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2022-42004",
"severity": "HIGH",
"cvssv3": {
"baseScore": 7.5,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"exploitabilityScore": "3.9",
"impactScore": "3.6",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490",
"name": "EXPLOIT,ISSUE_TRACKING,MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.gentoo.org/glsa/202210-21",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.debian.org/security/2022/dsa-5283",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://github.com/FasterXML/jackson-databind/issues/3582",
"name": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"source": "[email protected]",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/issues/3582",
"name": "EXPLOIT,ISSUE_TRACKING,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2022-42004?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2022-42004] CWE-502: Deserialization of Untrusted Data"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004"
},
{
"source": "OSSIndex",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.7.1"
}
},
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "2.13.0",
"versionEndExcluding": "2.13.4"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.0"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2023-35116",
"severity": "MEDIUM",
"cvssv3": {
"baseScore": 4.7,
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseSeverity": "MEDIUM",
"exploitabilityScore": "1.0",
"impactScore": "3.6",
"version": "3.1"
},
"cwes": [
"CWE-770"
],
"description": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/issues/3972",
"name": "ISSUE_TRACKING"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionEndExcluding": "2.16.0"
}
}
]
}
]
},
{
"isVirtual": false,
"fileName": "jackson-databind-2.15.3.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.core\\jackson-databind\\2.15.3\\a734bc2c47a9453c4efa772461a3aeb273c010d9\\jackson-databind-2.15.3.jar",
"md5": "5f453c55f127690fa8491ce347aa055c",
"sha1": "a734bc2c47a9453c4efa772461a3aeb273c010d9",
"sha256": "c3c53333a2172a80678bda1803e39cff45bec6ae3e9c7d4f44a81ec4e2ab18dc",
"description": "General data-binding functionality for Jackson: works on core streaming API",
"license": "The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:annotationProcessor"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "jackson-databind"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "java8"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "hint analyzer",
"name": "product",
"value": "modules"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.core.jackson-databind"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.core"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "jackson-databind"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-base"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "url",
"value": "FasterXML/jackson"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.15.3"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.core/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-databind:2.15.3:*:*:*:*:*:*:*",
"confidence": "HIGHEST",
"url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.15.3"
}
],
"vulnerabilities": [
{
"source": "NVD",
"name": "CVE-2023-35116",
"severity": "MEDIUM",
"cvssv3": {
"baseScore": 4.7,
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseSeverity": "MEDIUM",
"exploitabilityScore": "1.0",
"impactScore": "3.6",
"version": "3.1"
},
"cwes": [
"CWE-770"
],
"description": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/FasterXML/jackson-databind/issues/3972",
"name": "ISSUE_TRACKING"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionEndExcluding": "2.16.0"
}
}
]
}
]
},
{
"isVirtual": false,
"fileName": "jackson-datatype-jsr310-2.15.3.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.fasterxml.jackson.datatype\\jackson-datatype-jsr310\\2.15.3\\4a20a0e104931bfa72f24ef358c2eb63f1ef2aaf\\jackson-datatype-jsr310-2.15.3.jar",
"md5": "acd8ae6da000eb831a69b4acdc182b7f",
"sha1": "4a20a0e104931bfa72f24ef358c2eb63f1ef2aaf",
"sha256": "bea1d78009ebc4e5d54918a3f7aec5da9fbd09f662c191a217ffcf37e8527c5e",
"description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.",
"license": "http://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:annotationProcessor"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-datatype-jsr310"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-datatype-jsr310"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.fasterxml.jackson.datatype"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "datatype"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jsr310"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.datatype.jackson-datatype-jsr310"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Implementation-Vendor-Id",
"value": "com.fasterxml.jackson.datatype"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "specification-vendor",
"value": "FasterXML"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jackson-datatype-jsr310"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "developer email",
"value": "[email protected]"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "developer id",
"value": "beamerblvd"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "developer name",
"value": "Nick Williams"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.datatype"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson datatype: JSR310"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-modules-java8"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson.module"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jackson-datatype-jsr310"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jackson-datatype-jsr310"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "datatype"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "fasterxml"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jackson"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jsr310"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "1.8"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Jackson datatype: JSR310"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "com.fasterxml.jackson.datatype.jackson-datatype-jsr310"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "Jackson datatype: JSR310"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "Jackson datatype: JSR310"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jackson-datatype-jsr310"
},
{
"type": "product",
"confidence": "LOW",
"source": "pom",
"name": "developer email",
"value": "[email protected]"
},
{
"type": "product",
"confidence": "LOW",
"source": "pom",
"name": "developer id",
"value": "beamerblvd"
},
{
"type": "product",
"confidence": "LOW",
"source": "pom",
"name": "developer name",
"value": "Nick Williams"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "com.fasterxml.jackson.datatype"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Jackson datatype: JSR310"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "jackson-modules-java8"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-groupid",
"value": "com.fasterxml.jackson.module"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.15.3"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.15.3"
}
]
},
"packages": [
{
"id": "pkg:maven/com.fasterxml.jackson.datatype/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.datatype/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.3:*:*:*:*:*:*:*",
"confidence": "LOW"
}
]
},
{
"isVirtual": false,
"fileName": "jptools-1.7.10.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\net.sf.jptools\\jptools\\1.7.10\\6edc0aa949c03872aaae7074724bd2f48a02d4d2\\jptools-1.7.10.jar",
"md5": "c59267e8aa445a2a4c968f90aac8c0d6",
"sha1": "6edc0aa949c03872aaae7074724bd2f48a02d4d2",
"sha256": "d6ae78701c80db6299175d8590f59095ff641aec175250e5b12948c7ef123cdc",
"projectReferences": [
"toolarium-common:modelGenerator"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jptools"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jptools"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "net.sf.jptools"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "jptools"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-os",
"value": "Windows 10 (10.0), amd64"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-timestamp",
"value": "2023-05-01T11:28:53.326+0200"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "source-compatibility",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "target-compatibility",
"value": "1.8"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jptools"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jptools"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jptools"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-os",
"value": "Windows 10 (10.0), amd64"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-timestamp",
"value": "2023-05-01T11:28:53.326+0200"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "jptools"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "source-compatibility",
"value": "1.8"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "jptools"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "target-compatibility",
"value": "1.8"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "1.7.10"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "1.7.10"
}
]
},
"packages": [
{
"id": "pkg:maven/net.sf.jptools/[email protected]",
"confidence": "HIGHEST",
"url": "https://ossindex.sonatype.org/component/pkg:maven/net.sf.jptools/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "jxl-2.6.12.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\net.sourceforge.jexcelapi\\jxl\\2.6.12\\7faf62e0697f7a88954622dfe8c8de33ed142ac7\\jxl-2.6.12.jar",
"md5": "62f8a643ebd1ffcf891b51778dc37565",
"sha1": "7faf62e0697f7a88954622dfe8c8de33ed142ac7",
"sha256": "c5c53645ab751288398f30adaec5551879c5ee334d4862ea77b25a386646621c",
"projectReferences": [
"toolarium-common:modelGenerator"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jxl"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jxl"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "net.sourceforge.jexcelapi"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "biff"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "jxl"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jxl"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "jxl"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "biff"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "MEDIUM",
"source": "file",
"name": "name",
"value": "jxl"
},
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.6.12"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.6.12"
}
]
},
"packages": [
{
"id": "pkg:maven/net.sourceforge.jexcelapi/[email protected]",
"confidence": "HIGHEST",
"url": "https://ossindex.sonatype.org/component/pkg:maven/net.sourceforge.jexcelapi/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "log4j-1.2.17.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\log4j\\log4j\\1.2.17\\5af35056b4d257e4b64b9e8069c0746e8b08629f\\log4j-1.2.17.jar",
"md5": "04a41f0a068986f0f73485cf507c0f40",
"sha1": "5af35056b4d257e4b64b9e8069c0746e8b08629f",
"sha256": "1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9",
"description": "Apache Log4j 1.2",
"license": "The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",
"projectReferences": [
"toolarium-common:compileClasspath",
"toolarium-common:runtimeClasspath"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
},
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "apache"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://logging.apache.org/log4j/1.2"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "manifest: org.apache.log4j",
"name": "Implementation-Vendor",
"value": "\"Apache Software Foundation\""
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "log4j"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Apache Log4j"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "organization name",
"value": "Apache Software Foundation"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "pom",
"name": "organization url",
"value": "http://www.apache.org"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "http://logging.apache.org/log4j/1.2/"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "log4j"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "log4j"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "apache"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "log4j"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://logging.apache.org/log4j/1.2"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "Apache Log4j"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "log4j"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "manifest: org.apache.log4j",
"name": "Implementation-Title",
"value": "log4j"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "log4j"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "log4j"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "Apache Log4j"
},
{
"type": "product",
"confidence": "LOW",
"source": "pom",
"name": "organization name",
"value": "Apache Software Foundation"
},
{
"type": "product",
"confidence": "LOW",
"source": "pom",
"name": "organization url",
"value": "http://www.apache.org"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "url",
"value": "http://logging.apache.org/log4j/1.2/"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "1.2.17"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "1.2.17"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "1.2.17"
},
{
"type": "version",
"confidence": "MEDIUM",
"source": "manifest: org.apache.log4j",
"name": "Implementation-Version",
"value": "1.2.17"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "1.2.17"
}
]
},
"packages": [
{
"id": "pkg:maven/log4j/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/log4j/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
],
"vulnerabilityIds": [
{
"id": "cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*",
"confidence": "HIGHEST",
"url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A1.2.17"
}
],
"vulnerabilities": [
{
"source": "NVD",
"name": "CVE-2019-17571",
"severity": "CRITICAL",
"cvssv2": {
"score": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authenticationr": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"severity": "HIGH",
"version": "2.0",
"exploitabilityScore": "10.0",
"impactScore": "6.4"
},
"cvssv3": {
"baseScore": 9.8,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"exploitabilityScore": "3.9",
"impactScore": "5.9",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3Cuser.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "OSSIndex",
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E",
"name": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "OSSIndex",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785616",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1785616"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E",
"name": "MAILING_LIST,VENDOR_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17571",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17571"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3Cdev.jena.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://www.debian.org/security/2020/dsa-4686",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20200110-0001/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://usn.ubuntu.com/4495-1/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2019-17571?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2019-17571] CWE-502: Deserialization of Untrusted Data"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3Clog4j-user.logging.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"source": "OSSIndex",
"url": "https://issues.apache.org/jira/browse/LOG4J2-1863",
"name": "https://issues.apache.org/jira/browse/LOG4J2-1863"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3Ccommits.bookkeeper.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3Cjira.kafka.apache.org%3E"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.3"
}
},
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionEndIncluding": "1.2.17"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.1.3"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.2",
"versionEndIncluding": "7.3.6"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1.0",
"versionEndIncluding": "14.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.29"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.2",
"versionEndIncluding": "16.2.11"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.12.0",
"versionEndIncluding": "17.12.7"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2020-9493",
"severity": "CRITICAL",
"cvssv2": {
"score": 6.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authenticationr": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"severity": "MEDIUM",
"version": "2.0",
"exploitabilityScore": "8.6",
"impactScore": "6.4"
},
"cvssv3": {
"baseScore": 9.8,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"exploitabilityScore": "3.9",
"impactScore": "5.9",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/5",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83%40%3Cannounce.apache.org%3E"
},
{
"source": "[email protected]",
"url": "http://www.openwall.com/lists/oss-security/2021/06/16/1",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.openwall.com/lists/oss-security/2021/06/16/1",
"name": "MAILING_LIST,TOOL_SIGNATURE"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.0"
}
},
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "1.2",
"versionEndExcluding": "2.0"
}
},
{
"software": {
"id": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.18.1"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2022-23305",
"severity": "CRITICAL",
"cvssv2": {
"score": 6.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authenticationr": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"severity": "MEDIUM",
"version": "2.0",
"exploitabilityScore": "8.6",
"impactScore": "6.4"
},
"cvssv3": {
"baseScore": 9.8,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"exploitabilityScore": "3.9",
"impactScore": "5.9",
"version": "3.1"
},
"cwes": [
"CWE-89"
],
"description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y",
"name": "ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20220217-0007/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "https://logging.apache.org/log4j/1.2/index.html"
},
{
"source": "[email protected]",
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/4",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "VENDOR_ADVISORY"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23305",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23305"
},
{
"source": "OSSIndex",
"url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y",
"name": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://logging.apache.org/log4j/2.x/security.html",
"name": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2022-23305?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2022-23305] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "1.2",
"versionEndIncluding": "1.2.17"
}
},
{
"software": {
"id": "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.0.0.4.4"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.1.1.1"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_information_discovery:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.11"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.29"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.18.2"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2022-23302",
"severity": "HIGH",
"cvssv2": {
"score": 6.0,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authenticationr": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"severity": "MEDIUM",
"version": "2.0",
"exploitabilityScore": "6.8",
"impactScore": "6.4"
},
"cvssv3": {
"baseScore": 8.8,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"exploitabilityScore": "2.8",
"impactScore": "5.9",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20220217-0006/",
"name": "THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "https://logging.apache.org/log4j/1.2/index.html"
},
{
"source": "[email protected]",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "VENDOR_ADVISORY"
},
{
"source": "[email protected]",
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/3",
"name": "MAILING_LIST,THIRD_PARTY_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23302",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23302"
},
{
"source": "OSSIndex",
"url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w",
"name": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w",
"name": "MAILING_LIST,MITIGATION,VENDOR_ADVISORY"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2022-23302?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2022-23302] CWE-502: Deserialization of Untrusted Data"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "1.0.1",
"versionEndIncluding": "1.2.17"
}
},
{
"software": {
"id": "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.0.0.4.4"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.1.1.1"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.29"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.18.1"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2022-23307",
"severity": "HIGH",
"cvssv2": {
"score": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authenticationr": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"severity": "HIGH",
"version": "2.0",
"exploitabilityScore": "8.0",
"impactScore": "10.0"
},
"cvssv3": {
"baseScore": 8.8,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"exploitabilityScore": "2.8",
"impactScore": "5.9",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.",
"notes": "",
"references": [
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh",
"name": "MAILING_LIST,VENDOR_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh",
"name": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"
},
{
"source": "OSSIndex",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "https://logging.apache.org/log4j/1.2/index.html"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2022-23307?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2022-23307] CWE-502: Deserialization of Untrusted Data"
},
{
"source": "[email protected]",
"url": "https://logging.apache.org/log4j/1.2/index.html",
"name": "VENDOR_ADVISORY"
},
{
"source": "[email protected]",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"name": "PATCH,THIRD_PARTY_ADVISORY"
},
{
"source": "OSSIndex",
"url": "https://logging.apache.org/log4j/2.x/security.html",
"name": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23307",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23307"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.0"
}
},
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "1.2",
"versionEndExcluding": "2.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.0.0.4.4"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.1.1.1"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.8.0"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.29"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
},
{
"software": {
"id": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.18.1"
}
}
]
},
{
"source": "OSSINDEX",
"name": "CVE-2021-4104",
"severity": "HIGH",
"cvssv3": {
"baseScore": 7.5,
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.\n\nSonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-4104 for details",
"notes": "",
"references": [
{
"source": "OSSIndex",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
"name": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4104",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4104"
},
{
"source": "OSSIndex",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2021-4104?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2021-4104] CWE-502: Deserialization of Untrusted Data"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:log4j:log4j:1.2.17:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true"
}
}
]
},
{
"source": "NVD",
"name": "CVE-2023-26464",
"severity": "HIGH",
"cvssv3": {
"baseScore": 7.5,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"exploitabilityScore": "3.9",
"impactScore": "3.6",
"version": "3.1"
},
"cwes": [
"CWE-502"
],
"description": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n",
"notes": "",
"references": [
{
"source": "OSSIndex",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26464",
"name": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26464"
},
{
"source": "OSSINDEX",
"url": "https://ossindex.sonatype.org/vulnerability/CVE-2023-26464?component-type=maven&component-name=log4j%2Flog4j&utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6",
"name": "[CVE-2023-26464] CWE-502: Deserialization of Untrusted Data"
},
{
"source": "[email protected]",
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"name": "MAILING_LIST"
},
{
"source": "[email protected]",
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
},
{
"source": "OSSIndex",
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"source": "OSSIndex",
"url": "https://github.com/advisories/GHSA-vp98-w2p3-mv35",
"name": "https://github.com/advisories/GHSA-vp98-w2p3-mv35"
}
],
"vulnerableSoftware": [
{
"software": {
"id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerabilityIdMatched": "true",
"versionStartIncluding": "1.0.4",
"versionEndExcluding": "2.0"
}
}
]
}
]
},
{
"isVirtual": false,
"fileName": "org.jacoco.agent-0.8.9.jar: jacocoagent.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.9)",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\org.jacoco\\org.jacoco.agent\\0.8.9\\9af6e948fe6611437a691c4052cc7ff59cfa9a87\\org.jacoco.agent-0.8.9.jar\\jacocoagent.jar\\META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml",
"md5": "06f8be91bf1dee590f62342c16f4cb5e",
"sha1": "b76c6513056458a597ff2fee17812306d1517b1d",
"sha256": "d1e4d1e96612c192aa62af1e4fb053720b74b890d38b5cec03bc4a0fa62b58b2",
"description": "JaCoCo Java Agent",
"projectReferences": [
"toolarium-common:jacocoAgent"
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jacoco.agent.rt"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Agent RT"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jacoco.agent.rt"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Agent RT"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "0.8.9"
}
]
},
"packages": [
{
"id": "pkg:maven/org.jacoco/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/org.jacoco/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "org.jacoco.agent-0.8.9.jar: jacocoagent.jar (shaded: org.jacoco:org.jacoco.core:0.8.9)",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\org.jacoco\\org.jacoco.agent\\0.8.9\\9af6e948fe6611437a691c4052cc7ff59cfa9a87\\org.jacoco.agent-0.8.9.jar\\jacocoagent.jar\\META-INF/maven/org.jacoco/org.jacoco.core/pom.xml",
"md5": "a289ecd9035330a8892a80e3eb53c046",
"sha1": "04abbbb943140ca9f7f6c029eb554c38b7f40c1f",
"sha256": "5404f7052765a64374d275367fd9485bb5996b369113c89a8557d8f024810f02",
"description": "JaCoCo Core",
"projectReferences": [
"toolarium-common:jacocoAgent"
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jacoco.core"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Core"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jacoco.core"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Core"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "0.8.9"
}
]
},
"packages": [
{
"id": "pkg:maven/org.jacoco/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/org.jacoco/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "org.jacoco.agent-0.8.9.jar: jacocoagent.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\org.jacoco\\org.jacoco.agent\\0.8.9\\9af6e948fe6611437a691c4052cc7ff59cfa9a87\\org.jacoco.agent-0.8.9.jar\\jacocoagent.jar",
"md5": "e852c5e07bc13ffdc6a68303799f80ad",
"sha1": "ad836d1c585c7e1dbf5cf828efa34528d9700303",
"sha256": "191734a0b7ef97606e6a09ae584c4acab47eb30fcb4c555d3d440d4e0d71d73d",
"projectReferences": [
"toolarium-common:jacocoAgent"
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jacocoagent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jacoco"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "jacoco"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "rt"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "rt"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "automatic-module-name",
"value": "org.jacoco.agent.rt"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Vendor",
"value": "Mountainminds GmbH & Co. KG"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "jacocoagent"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "internal_4481564"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jacoco"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "rt"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "rt"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "automatic-module-name",
"value": "org.jacoco.agent.rt"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "JaCoCo Java Agent"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "0.8.9"
}
]
}
},
{
"isVirtual": false,
"fileName": "org.jacoco.agent-0.8.9.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\org.jacoco\\org.jacoco.agent\\0.8.9\\9af6e948fe6611437a691c4052cc7ff59cfa9a87\\org.jacoco.agent-0.8.9.jar",
"md5": "b09c7ffaede51aeb5f351b32ed942082",
"sha1": "9af6e948fe6611437a691c4052cc7ff59cfa9a87",
"sha256": "c067e29a49063220e75215eff1bc234584ad002e747afdf13a69662be5b0e07d",
"description": "JaCoCo Agent",
"license": "https://www.eclipse.org/legal/epl-2.0/",
"projectReferences": [
"toolarium-common:jacocoAgent"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "org.jacoco.agent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "org.jacoco.agent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jacoco"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "automatic-module-name",
"value": "org.jacoco.agent"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-requiredexecutionenvironment",
"value": "J2SE-1.5"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "org.jacoco.agent"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "originally-created-by",
"value": "Apache Maven Bundle Plugin"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "jacoco.agent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Agent"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "org.jacoco.agent"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "org.jacoco.agent"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "agent"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "jacoco"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "automatic-module-name",
"value": "org.jacoco.agent"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "JaCoCo Agent"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-requiredexecutionenvironment",
"value": "J2SE-1.5"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "org.jacoco.agent"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "originally-created-by",
"value": "Apache Maven Bundle Plugin"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "jacoco.agent"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.jacoco"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "JaCoCo :: Agent"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "org.jacoco.build"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "0.8.9"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "0.8.9"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "0.8.9"
}
]
},
"packages": [
{
"id": "pkg:maven/org.jacoco/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/org.jacoco/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "slf4j-api-2.0.10.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\org.slf4j\\slf4j-api\\2.0.10\\7af762c03f74a463d36d5786ec67006cce865892\\slf4j-api-2.0.10.jar",
"md5": "08d65b27994b1cfcbe703d564f6f15f3",
"sha1": "7af762c03f74a463d36d5786ec67006cce865892",
"sha256": "b7ddb31a515debbddec8e9145e2cf7b197926f40e454376647724f92e6382043",
"description": "The slf4j API",
"license": "http://www.opensource.org/licenses/mit-license.php",
"projectReferences": [
"toolarium-common:annotationProcessor"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "slf4j-api"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "slf4j-api"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "org.slf4j"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "slf4j"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "21"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://www.slf4j.org"
},
{
"type": "vendor",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "slf4j.api"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "originally-created-by",
"value": "Apache Maven Bundle Plugin 5.1.9"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "artifactid",
"value": "slf4j-api"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.slf4j"
},
{
"type": "vendor",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "SLF4J API Module"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "pom",
"name": "parent-artifactid",
"value": "slf4j-parent"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "pom",
"name": "url",
"value": "http://www.slf4j.org"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "slf4j-api"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "slf4j-api"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "9"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "slf4j"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-jdk-spec",
"value": "21"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "bundle-docurl",
"value": "http://www.slf4j.org"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "Bundle-Name",
"value": "SLF4J API Module"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "bundle-symbolicname",
"value": "slf4j.api"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "slf4j-api"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "multi-release",
"value": "true"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "originally-created-by",
"value": "Apache Maven Bundle Plugin 5.1.9"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "artifactid",
"value": "slf4j-api"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "pom",
"name": "groupid",
"value": "org.slf4j"
},
{
"type": "product",
"confidence": "HIGH",
"source": "pom",
"name": "name",
"value": "SLF4J API Module"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "parent-artifactid",
"value": "slf4j-parent"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "pom",
"name": "url",
"value": "http://www.slf4j.org"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "2.0.10"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "gradle",
"name": "version",
"value": "2.0.10"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Bundle-Version",
"value": "2.0.10"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "2.0.10"
},
{
"type": "version",
"confidence": "HIGHEST",
"source": "pom",
"name": "version",
"value": "2.0.10"
}
]
},
"packages": [
{
"id": "pkg:maven/org.slf4j/[email protected]",
"confidence": "HIGH",
"url": "https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
},
{
"isVirtual": false,
"fileName": "toolarium-enum-configuration-1.1.8.jar",
"filePath": "C:\\Users\\user\\.gradle\\caches\\modules-2\\files-2.1\\com.github.toolarium\\toolarium-enum-configuration\\1.1.8\\b6dae83817a1dbc8e0e05cdeb0c4c8d276edea6f\\toolarium-enum-configuration-1.1.8.jar",
"md5": "8f586c6696b475cccc456b4fada3d18f",
"sha1": "b6dae83817a1dbc8e0e05cdeb0c4c8d276edea6f",
"sha256": "229c718839f70ecde3b97aee0f79847746e1892c3ec7ce32c6fb34c1607063bc",
"projectReferences": [
"toolarium-common:annotationProcessor",
"toolarium-common:compileClasspath"
],
"includedBy": [
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
},
{
"reference": "pkg:maven/com.github.toolarium/[email protected]"
}
],
"evidenceCollected": {
"vendorEvidence": [
{
"type": "vendor",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "toolarium-enum-configuration"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "toolarium-enum-configuration"
},
{
"type": "vendor",
"confidence": "HIGHEST",
"source": "gradle",
"name": "groupid",
"value": "com.github.toolarium"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "enumeration"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "github"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "toolarium"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-os",
"value": "Windows 11 (10.0), amd64"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "build-timestamp",
"value": "2023-12-31T19:29:46.744+0100"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "source-compatibility",
"value": "1.8"
},
{
"type": "vendor",
"confidence": "LOW",
"source": "Manifest",
"name": "target-compatibility",
"value": "1.8"
}
],
"productEvidence": [
{
"type": "product",
"confidence": "HIGH",
"source": "file",
"name": "name",
"value": "toolarium-enum-configuration"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "gradle",
"name": "artifactid",
"value": "toolarium-enum-configuration"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "configuration"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "configuration"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "enumeration"
},
{
"type": "product",
"confidence": "HIGHEST",
"source": "jar",
"name": "package name",
"value": "toolarium"
},
{
"type": "product",
"confidence": "LOW",
"source": "jar",
"name": "package name",
"value": "toolarium"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-os",
"value": "Windows 11 (10.0), amd64"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "build-timestamp",
"value": "2023-12-31T19:29:46.744+0100"
},
{
"type": "product",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Title",
"value": "toolarium-enum-configuration"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "source-compatibility",
"value": "1.8"
},
{
"type": "product",
"confidence": "MEDIUM",
"source": "Manifest",
"name": "specification-title",
"value": "toolarium-enum-configuration"
},
{
"type": "product",
"confidence": "LOW",
"source": "Manifest",
"name": "target-compatibility",
"value": "1.8"
}
],
"versionEvidence": [
{
"type": "version",
"confidence": "HIGH",
"source": "file",
"name": "version",
"value": "1.1.8"
},
{
"type": "version",
"confidence": "HIGH",
"source": "Manifest",
"name": "Implementation-Version",
"value": "1.1.8"
}
]
},
"packages": [
{
"id": "pkg:maven/com.github.toolarium/[email protected]",
"confidence": "HIGHEST",
"url": "https://ossindex.sonatype.org/component/pkg:maven/com.github.toolarium/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.6"
}
]
}
]
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy