diff --git a/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/OwaspDependencyCheck.java b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/OwaspDependencyCheck.java new file mode 100644 index 0000000000..ecb6579a94 --- /dev/null +++ b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/OwaspDependencyCheck.java @@ -0,0 +1,34 @@ +package io.jenkins.plugins.analysis.warnings; + +import org.kohsuke.stapler.DataBoundConstructor; +import org.jenkinsci.Symbol; +import hudson.Extension; + +import io.jenkins.plugins.analysis.core.model.AnalysisModelParser; + +/** + * Provides parser for OWASP dependency check reports. + */ +public class OwaspDependencyCheck extends AnalysisModelParser { + private static final long serialVersionUID = -7721519880683487886L; + + private static final String ID = "owasp-dependency-check"; + + /** Create instance. */ + @DataBoundConstructor + public OwaspDependencyCheck() { + super(); + // empty constructor required for stapler + } + + /** Descriptor for this static analysis tool. */ + @Symbol("owaspDependencyCheck") + @Extension + public static class Descriptor extends AnalysisModelParserDescriptor { + + /** Create instance. **/ + public Descriptor() { + super(ID); + } + } +} diff --git a/plugin/src/test/java/io/jenkins/plugins/analysis/warnings/steps/ParsersITest.java b/plugin/src/test/java/io/jenkins/plugins/analysis/warnings/steps/ParsersITest.java index e09afe5a22..55c3a08a70 100644 --- a/plugin/src/test/java/io/jenkins/plugins/analysis/warnings/steps/ParsersITest.java +++ b/plugin/src/test/java/io/jenkins/plugins/analysis/warnings/steps/ParsersITest.java @@ -928,6 +928,12 @@ public void shouldFindAllOTDockerLintIssues() { shouldFindIssuesOfTool(3, new OTDockerLint(), "ot-docker-linter.json"); } + /** Runs the OWASP dependency check parser on an output file that contains 2 issues. */ + @Test + public void shouldFindOwaspDependencyCheckIssues() { + shouldFindIssuesOfTool(2, new OwaspDependencyCheck(), "dependency-check-report.json"); + } + /** Runs the Brakeman parser on an output file that contains 32 issues. */ @Test public void shouldFindAllBrakemanIssues() { diff --git a/plugin/src/test/resources/io/jenkins/plugins/analysis/warnings/steps/dependency-check-report.json b/plugin/src/test/resources/io/jenkins/plugins/analysis/warnings/steps/dependency-check-report.json new file mode 100644 index 0000000000..f17f072f8f --- /dev/null +++ b/plugin/src/test/resources/io/jenkins/plugins/analysis/warnings/steps/dependency-check-report.json @@ -0,0 +1,10561 @@ +{ + "reportSchema": "1.1", + "scanInfo": { + "engineVersion": "6.5.0", + "dataSource": [ + { + "name": "NVD CVE Checked", + "timestamp": "2021-11-16T08:22:36" + }, + { + "name": "NVD CVE Modified", + "timestamp": "2021-11-15T14:00:01" + }, + { + "name": "VersionCheckOn", + "timestamp": "2021-11-16T08:22:36" + } + ] + }, + "projectInfo": { + "name": "Static Analysis Model and Parsers", + "groupID": "edu.hm.hafner", + "artifactID": "analysis-model", + "version": "10.8.0-SNAPSHOT", + "reportDate": "2021-11-16T07:22:43.869527Z", + "credits": { + "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", + "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", + "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", + "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" + } + }, + "dependencies": [ + { + "isVirtual": false, + "fileName": "Saxon-HE-10.6.jar", + "filePath": ".m2\\repository\\net\\sf\\saxon\\Saxon-HE\\10.6\\Saxon-HE-10.6.jar", + "md5": "9a608de0abc9291900ecb9313b19cbe5", + "sha1": "6c961655bd2e6ec11054bf7142c502406359f635", + "sha256": "6d08df82e4ed86b6abb1a02c7b74a268fcfc5e004e83bb4ff006ec3a509bd356", + "description": "The XSLT and XQuery Processor", + "license": "Mozilla Public License Version 2.0: http:\/\/www.mozilla.org\/MPL\/2.0\/", + "projectReferences": [ + "Static Analysis Model and Parsers:runtime" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "Saxon-HE" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "saxon" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sf" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "project-name", + "value": "Saxon-HE" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "Saxon-HE" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.sf.saxon" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Saxon-HE" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "Saxonica" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "https:\/\/www.saxonica.com\/" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/www.saxonica.com\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "Saxon-HE" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "saxon" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sf" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "project-name", + "value": "Saxon-HE" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "Saxon-HE" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.sf.saxon" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Saxon-HE" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "Saxonica" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "https:\/\/www.saxonica.com\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/www.saxonica.com\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "10.6" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "10.6" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/net.sf.saxon\/Saxon-HE@10.6", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.sf.saxon\/Saxon-HE@10.6?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "accessors-smart-2.4.7.jar", + "filePath": ".m2\\repository\\net\\minidev\\accessors-smart\\2.4.7\\accessors-smart-2.4.7.jar", + "md5": "53cb6c796eb91346af5edb178c42b39b", + "sha1": "3970cfc505e6657ca60f3aa57c849f6043000d7a", + "sha256": "ef5103429f101f7e3ff62f3a182342720439eaea43d2eed3119bba770bb202a9", + "description": "Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "accessors-smart" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "minidev" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "net.minidev.accessors-smart" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "accessors-smart" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.minidev" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "ASM based accessors helper used by json-smart" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "Chemouni Uriel" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/urielch.github.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "accessors-smart" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "minidev" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "accessors-smart" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "net.minidev.accessors-smart" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "accessors-smart" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.minidev" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "ASM based accessors helper used by json-smart" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "Chemouni Uriel" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/urielch.github.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.4.7" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.4.7" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.4.7" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/net.minidev\/accessors-smart@2.4.7", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.minidev\/accessors-smart@2.4.7?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:json-smart_project:json-smart-v2:2.4.7:*:*:*:*:*:*:*", + "confidence": "LOW" + }, + { + "id": "cpe:2.3:a:json_smart_project:json_smart:2.4.7:*:*:*:*:*:*:*", + "confidence": "LOW" + } + ] + }, + { + "isVirtual": false, + "fileName": "antlr4-runtime-4.7.2.jar", + "filePath": ".m2\\repository\\org\\antlr\\antlr4-runtime\\4.7.2\\antlr4-runtime-4.7.2.jar", + "md5": "2592a7a5d7320ad5f6677bf41f77a101", + "sha1": "e27d8ab4f984f9d186f54da984a6ab1cccac755e", + "sha256": "4c518b87d4bdff8b44cd8cbc1af816e944b62a3fe5b80b781501cf1f4759bbc4", + "description": "The ANTLR 4 Runtime", + "license": "http:\/\/www.antlr.org\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "antlr4-runtime" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "antlr" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "runtime" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.antlr.antlr4.runtime" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/www.antlr.org" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.antlr.antlr4-runtime" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-url", + "value": "http:\/\/www.antlr.org\/runtime\/antlr4-runtime" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "ANTLR" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "org.antlr" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "antlr4-runtime" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.antlr" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "ANTLR 4 Runtime" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "antlr4-master" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "antlr4-runtime" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "antlr" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "runtime" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.antlr.antlr4.runtime" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/www.antlr.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "ANTLR 4 Runtime" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.antlr.antlr4-runtime" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "ANTLR 4 Runtime" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-url", + "value": "http:\/\/www.antlr.org\/runtime\/antlr4-runtime" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "antlr4-runtime" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.antlr" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "ANTLR 4 Runtime" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "antlr4-master" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "4.7.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "4.7.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "4.7.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "4.7.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.antlr\/antlr4-runtime@4.7.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.antlr\/antlr4-runtime@4.7.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "asm-9.2.jar", + "filePath": ".m2\\repository\\org\\ow2\\asm\\asm\\9.2\\asm-9.2.jar", + "md5": "8f184dce9b1bedc675d4a3640d43ddf0", + "sha1": "81a03f76019c67362299c40e0ba13405f5467bff", + "sha256": "b9d4fe4d71938df38839f0eca42aaaa64cf8b313d678da036f0cb3ca199b47f5", + "description": "ASM, a very small and fast Java bytecode manipulation framework", + "license": "BSD-3-Clause: https:\/\/asm.ow2.io\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "org.objectweb.asm" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "ASM, a very small and fast Java bytecode manipulation framework" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "9.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.ow2.asm\/asm@9.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.ow2.asm\/asm@9.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "asm-analysis-9.2.jar", + "filePath": ".m2\\repository\\org\\ow2\\asm\\asm-analysis\\9.2\\asm-analysis-9.2.jar", + "md5": "e62aa59de96ae29c690c3521ea4b6359", + "sha1": "7487dd756daf96cab9986e44b9d7bcb796a61c10", + "sha256": "878fbe521731c072d14d2d65b983b1beae6ad06fda0007b6a8bae81f73f433c4", + "description": "Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework", + "license": "BSD-3-Clause: https:\/\/asm.ow2.io\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-analysis" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "analysis" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "tree" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.tree.analysis" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm.tree;transitive=true" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "asm-analysis" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-analysis" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-analysis" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "analysis" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "tree" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "org.objectweb.asm.tree.analysis" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.tree.analysis" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm.tree;transitive=true" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "asm-analysis" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-analysis" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "9.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.ow2.asm\/asm-analysis@9.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.ow2.asm\/asm-analysis@9.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "asm-commons-9.2.jar", + "filePath": ".m2\\repository\\org\\ow2\\asm\\asm-commons\\9.2\\asm-commons-9.2.jar", + "md5": "3eb09775e1076eb0a085a4592faebc2a", + "sha1": "f4d7f0fc9054386f2893b602454d48e07d4fbead", + "sha256": "be4ce53138a238bb522cd781cf91f3ba5ce2f6ca93ec62d46a162a127225e0a6", + "description": "Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework", + "license": "BSD-3-Clause: https:\/\/asm.ow2.io\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.commons" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "asm-commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-commons" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "org.objectweb.asm.commons" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.commons" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "asm-commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-commons" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "9.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.ow2.asm\/asm-commons@9.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.ow2.asm\/asm-commons@9.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "asm-tree-9.2.jar", + "filePath": ".m2\\repository\\org\\ow2\\asm\\asm-tree\\9.2\\asm-tree-9.2.jar", + "md5": "9c45524e94b19cc8b614b9e81ad544e2", + "sha1": "d96c99a30f5e1a19b0e609dbb19a44d8518ac01e", + "sha256": "aabf9bd23091a4ebfc109c1f3ee7cf3e4b89f6ba2d3f51c5243f16b3cffae011", + "description": "Tree API of ASM, a very small and fast Java bytecode manipulation framework", + "license": "BSD-3-Clause: https:\/\/asm.ow2.io\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-tree" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "tree" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.tree" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "asm-tree" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-tree" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-tree" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "tree" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "org.objectweb.asm.tree" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.tree" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Tree API of ASM, a very small and fast Java bytecode manipulation framework" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "asm-tree" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-tree" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "9.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.ow2.asm\/asm-tree@9.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.ow2.asm\/asm-tree@9.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "asm-util-9.2.jar", + "filePath": ".m2\\repository\\org\\ow2\\asm\\asm-util\\9.2\\asm-util-9.2.jar", + "md5": "8562ac2619220b948cef931285b1e13b", + "sha1": "fbc178fc5ba3dab50fd7e8a5317b8b647c8e8946", + "sha256": "ff5b3cd331ae8a9a804768280da98f50f424fef23dd3c788bb320e08c94ee598", + "description": "Utilities for ASM, a very small and fast Java bytecode manipulation framework", + "license": "BSD-3-Clause: https:\/\/asm.ow2.io\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-util" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "util" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.util" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "asm-util" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-util" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "asm-util" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "asm" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "objectweb" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "util" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/asm.ow2.org" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "org.objectweb.asm.util" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.objectweb.asm.util" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Utilities for ASM, a very small and fast Java bytecode manipulation framework" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "module-requires", + "value": "org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "asm-util" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.ow2.asm" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "asm-util" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "OW2" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.ow2.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.ow2" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/asm.ow2.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "9.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "9.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.ow2.asm\/asm-util@9.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.ow2.asm\/asm-util@9.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "bcel-6.5.0.jar", + "filePath": ".m2\\repository\\org\\apache\\bcel\\bcel\\6.5.0\\bcel-6.5.0.jar", + "md5": "4de81e833dd77627809d1458b984d2fa", + "sha1": "79b1975ec0c7a6c1a15e19fb3a58cc4041b4aaea", + "sha256": "bdeb381d0d19999e221e6a0f8d8bf44f5b19c2e57eabf68b70dc098652aefaf5", + "description": "Apache Commons Bytecode Engineering Library", + "license": "Apache License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "bcel" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "bcel" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.bcel" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-bcel" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.bcel" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "bcel" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.bcel" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons BCEL" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.apache.org\/" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-bcel" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "bcel" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "bcel" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.bcel" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-bcel" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Apache Commons BCEL" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.bcel" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Apache Commons BCEL" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Apache Commons BCEL" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "bcel" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.bcel" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons BCEL" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "The Apache Software Foundation" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.apache.org\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-bcel" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "6.5.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "6.5.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "6.5.0" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "6.5.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "6.5.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.apache.bcel\/bcel@6.5.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.apache.bcel\/bcel@6.5.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "cglib-2.2.2.jar", + "filePath": ".m2\\repository\\cglib\\cglib\\2.2.2\\cglib-2.2.2.jar", + "md5": "b3f681be48fce094cf01a045f5bdca6f", + "sha1": "a47a971686474124562bdd4a7ccbd8ac8c3e8b11", + "sha256": "a93e4485d274277177480c4afe6ddd8355cda1cacfe356c134e25d65193935fd", + "description": "Code generation library", + "license": "ASF 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "cglib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "cglib" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "cglib" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "sf" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "cglib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "cglib" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Code Generation Library" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/cglib.sourceforge.net\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "cglib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "cglib" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "cglib" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "sf" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "cglib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "cglib" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Code Generation Library" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/cglib.sourceforge.net\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.2.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.2.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/cglib\/cglib@2.2.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/cglib\/cglib@2.2.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "codingstyle-2.10.0.jar", + "filePath": ".m2\\repository\\edu\\hm\\hafner\\codingstyle\\2.10.0\\codingstyle-2.10.0.jar", + "md5": "6f9dd9ce8dccf98d23d49a3919ee43cf", + "sha1": "94c92a44686bd2ea1c0f594eb3989de1cb3421b2", + "sha256": "0c27ec72d5e4d31498304082ae25ec9006bfcfa55dceac46e1455b0c9cf75ebd", + "description": "Provides all necessary resources for a Java project to enforce the coding style that I am using\n in my lectures about software development at Munich University of Applied Sciences and in all of my\n open source projects. It configures several static analysis tools for Maven and IntelliJ. Moreover,\n it provides some sample classes that already use this style guide. This classes can be used as such but are not\n required in this project. These classes also use some additional libraries that are included using the Maven\n dependency mechanism. If the sample classes are deleted then the dependencies can be safely deleted, too.\n ", + "license": "MIT license\nCreative Commons Attribution 4.0 International License", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "codingstyle" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "edu" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "hafner" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "hm" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "edu.hm.hafner.codingstyle" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "url", + "value": "https:\/\/github.com\/uhafner\/codingstyle" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "codingstyle" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "edu.hm.hafner" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Java coding style" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/www.cs.hm.edu\/die_fakultaet\/ansprechpartner\/professoren\/hafner\/index.de.html" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "codingstyle" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "edu" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "hafner" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "hm" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "edu.hm.hafner.codingstyle" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "url", + "value": "https:\/\/github.com\/uhafner\/codingstyle" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "codingstyle" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "edu.hm.hafner" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Java coding style" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/www.cs.hm.edu\/die_fakultaet\/ansprechpartner\/professoren\/hafner\/index.de.html" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.10.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.10.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/edu.hm.hafner\/codingstyle@2.10.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/edu.hm.hafner\/codingstyle@2.10.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-beanutils-1.8.3.jar", + "filePath": ".m2\\repository\\commons-beanutils\\commons-beanutils\\1.8.3\\commons-beanutils-1.8.3.jar", + "md5": "b45be74134796c89db7126083129532f", + "sha1": "686ef3410bcf4ab8ce7fd0b899e832aaba5facf7", + "sha256": "e1407b81d8138fb9c1fc731b87b5e0068ddccabfbc65dee59cdb378a90c5e81a", + "description": "BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.", + "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-beanutils" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "beanutils" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/commons.apache.org\/beanutils\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.beanutils" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "org.apache" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-beanutils" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-beanutils" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Commons BeanUtils" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/beanutils\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-beanutils" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "beanutils" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/commons.apache.org\/beanutils\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Commons BeanUtils" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.beanutils" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Commons BeanUtils" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Commons BeanUtils" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-beanutils" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-beanutils" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Commons BeanUtils" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/beanutils\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.8.3" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "1.8.3" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "1.8.3" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "1.8.3" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.8.3" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/commons-beanutils\/commons-beanutils@1.8.3", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/commons-beanutils\/commons-beanutils@1.8.3?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:apache:commons_beanutils:1.8.3:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_beanutils&cpe_version=cpe%3A%2F%3Aapache%3Acommons_beanutils%3A1.8.3" + } + ], + "vulnerabilities": [ + { + "source": "NVD", + "name": "CVE-2014-0114", + "severity": "HIGH", + "cvssv2": { + "score": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authenticationr": "NONE", + "confidentialImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "severity": "HIGH", + "version": "2.0", + "exploitabilityScore": "10.0", + "impactScore": "6.4" + }, + "cwes": [ + "CWE-20" + ], + "description": "Apache Commons BeanUtils, as distributed in lib\/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", + "notes": "", + "references": [ + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3Ccommits.dolphinscheduler.apache.org%3E", + "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "http:\/\/apache-ignite-developers.2346864.n4.nabble.com\/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html", + "name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114" + }, + { + "source": "CONFIRM", + "url": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05324755", + "name": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05324755" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E", + "name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)" + }, + { + "source": "CONFIRM", + "url": "http:\/\/advisories.mageia.org\/MGASA-2014-0219.html", + "name": "http:\/\/advisories.mageia.org\/MGASA-2014-0219.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "GENTOO", + "url": "https:\/\/security.gentoo.org\/glsa\/201607-09", + "name": "GLSA-201607-09" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3Cissues.activemq.apache.org%3E", + "name": "[activemq-issues] 20190909 [jira] [Work logged] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59430", + "name": "59430" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675972", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675972" + }, + { + "source": "FEDORA", + "url": "http:\/\/lists.fedoraproject.org\/pipermail\/package-announce\/2014-August\/136958.html", + "name": "FEDORA-2014-9380" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676110", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676110" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59245", + "name": "59245" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3Cgitbox.activemq.apache.org%3E", + "name": "[activemq-gitbox] 20190903 [GitHub] [activemq-artemis] jeloba opened a new pull request #2820: Updated Apache BeanUtils to address CVE" + }, + { + "source": "CONFIRM", + "url": "https:\/\/access.redhat.com\/solutions\/869353", + "name": "https:\/\/access.redhat.com\/solutions\/869353" + }, + { + "source": "DEBIAN", + "url": "http:\/\/www.debian.org\/security\/2014\/dsa-2940", + "name": "DSA-2940" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674812", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674812" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3Ccommits.commons.apache.org%3E", + "name": "[commons-commits] 20190906 [commons-configuration] branch master updated: [CONFIGURATION-755][CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4." + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html" + }, + { + "source": "OSSIndex", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20140911-0001\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20140911-0001\/" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674128", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674128" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E", + "name": "[commons-dev] 20190605 Re: [beanutils] Towards 1.10" + }, + { + "source": "OSSIndex", + "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1116665", + "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1116665" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27042296", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27042296" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675387", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675387" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675266", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675266" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59704", + "name": "59704" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676303", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676303" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20191014 [jira] [Updated] (BEANUTILS-520) Mitigate CVE-2014-0114" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59480", + "name": "59480" + }, + { + "source": "CONFIRM", + "url": "https:\/\/issues.apache.org\/jira\/browse\/BEANUTILS-463", + "name": "https:\/\/issues.apache.org\/jira\/browse\/BEANUTILS-463" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E", + "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59479", + "name": "59479" + }, + { + "source": "HP", + "url": "http:\/\/marc.info\/?l=bugtraq&m=141451023707502&w=2", + "name": "HPSBST03160" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676375", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676375" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E", + "name": "[commons-user] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default." + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2016-2881722.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2016-2881722.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3Cdev.commons.apache.org%3E", + "name": "[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default." + }, + { + "source": "HP", + "url": "http:\/\/marc.info\/?l=bugtraq&m=140801096002766&w=2", + "name": "HPSBMU03090" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59228", + "name": "59228" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0012.html", + "name": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0012.html" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.ibm.com\/support\/docview.wss?uid=swg21675496", + "name": "http:\/\/www.ibm.com\/support\/docview.wss?uid=swg21675496" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675898", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675898" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2019-5072813.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2019-5072813.html" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675898", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675898" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59246", + "name": "59246" + }, + { + "source": "OSSIndex", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20180629-0006\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20180629-0006\/" + }, + { + "source": "CONFIRM", + "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1091938", + "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1091938" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675266", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675266" + }, + { + "source": "MLIST", + "url": "http:\/\/openwall.com\/lists\/oss-security\/2014\/07\/08\/1", + "name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675387", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675387" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675972", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675972" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3Cissues.commons.apache.org%3E" + }, + { + "source": "CONFIRM", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20140911-0001\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20140911-0001\/" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/58851", + "name": "58851" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674812", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674812" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59718", + "name": "59718" + }, + { + "source": "OSSINDEX", + "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/cc1835c0-63c3-4b0a-baa5-a3891271bf60?component-type=maven&component-name=commons-beanutils.commons-beanutils&utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0", + "name": "[CVE-2014-0114] Improper Input Validation" + }, + { + "source": "CONFIRM", + "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1116665", + "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1116665" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2014-1972960.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2014-1972960.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E", + "name": "[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E", + "name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114." + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2018-4258247.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2018-4258247.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E", + "name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3Cissues.activemq.apache.org%3E", + "name": "[activemq-issues] 20200109 [jira] [Resolved] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674128", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21674128" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21677110", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21677110" + }, + { + "source": "HP", + "url": "http:\/\/marc.info\/?l=bugtraq&m=140119284401582&w=2", + "name": "HPSBGN03041" + }, + { + "source": "FULLDISC", + "url": "http:\/\/seclists.org\/fulldisclosure\/2014\/Dec\/23", + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3Cissues.commons.apache.org%3E" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2018-4258247.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2018-4258247.html" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/57477", + "name": "57477" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05324755", + "name": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05324755" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3Cannounce.apache.org%3E", + "name": "[announce] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default." + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/60177", + "name": "60177" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/advisories.mageia.org\/MGASA-2014-0219.html", + "name": "http:\/\/advisories.mageia.org\/MGASA-2014-0219.html" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59014", + "name": "59014" + }, + { + "source": "OSSIndex", + "url": "https:\/\/access.redhat.com\/solutions\/869353", + "name": "https:\/\/access.redhat.com\/solutions\/869353" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676110", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676110" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E" + }, + { + "source": "CONFIRM", + "url": "http:\/\/commons.apache.org\/proper\/commons-beanutils\/javadocs\/v1.9.2\/RELEASE-NOTES.txt", + "name": "http:\/\/commons.apache.org\/proper\/commons-beanutils\/javadocs\/v1.9.2\/RELEASE-NOTES.txt" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4." + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujan2015-1972971.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujan2015-1972971.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21677110", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21677110" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2995", + "name": "RHSA-2019:2995" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676091", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676091" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676931", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676931" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2014-1972960.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2014-1972960.html" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2016-2881722.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2016-2881722.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E", + "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/60703", + "name": "60703" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0012.html", + "name": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0012.html" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/58947", + "name": "58947" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59118", + "name": "59118" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675689", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675689" + }, + { + "source": "CONFIRM", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20180629-0006\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20180629-0006\/" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E", + "name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/59464", + "name": "59464" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4." + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujul2014-1972956.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujul2014-1972956.html" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.ibm.com\/support\/docview.wss?uid=swg21675496", + "name": "http:\/\/www.ibm.com\/support\/docview.wss?uid=swg21675496" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675689", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21675689" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0008.html", + "name": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0008.html" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676375", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676375" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujul2014-1972956.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujul2014-1972956.html" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html" + }, + { + "source": "OSSIndex", + "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1091938", + "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1091938" + }, + { + "source": "CONFIRM", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2019-5072801.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2019-5072801.html" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0008.html", + "name": "http:\/\/www.vmware.com\/security\/advisories\/VMSA-2014-0008.html" + }, + { + "source": "MANDRIVA", + "url": "http:\/\/www.mandriva.com\/security\/advisories?name=MDVSA-2014:095", + "name": "MDVSA-2014:095" + }, + { + "source": "OSSIndex", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2019-5072801.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2019-5072801.html" + }, + { + "source": "SECUNIA", + "url": "http:\/\/secunia.com\/advisories\/58710", + "name": "58710" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3Cissues.activemq.apache.org%3E", + "name": "[activemq-issues] 20190904 [jira] [Created] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", + "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", + "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujan2015-1972971.html", + "name": "http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpujan2015-1972971.html" + }, + { + "source": "BID", + "url": "http:\/\/www.securityfocus.com\/bid\/67121", + "name": "67121" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E", + "name": "[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27042296", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27042296" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676931", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676931" + }, + { + "source": "BUGTRAQ", + "url": "http:\/\/www.securityfocus.com\/archive\/1\/534161\/100\/0\/threaded", + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities" + }, + { + "source": "MISC", + "url": "https:\/\/lists.apache.org\/thread.html\/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E", + "name": "https:\/\/lists.apache.org\/thread.html\/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E" + }, + { + "source": "OSSIndex", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676303", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676303" + }, + { + "source": "MLIST", + "url": "http:\/\/openwall.com\/lists\/oss-security\/2014\/06\/15\/10", + "name": "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:2669", + "name": "RHSA-2018:2669" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html", + "name": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html" + }, + { + "source": "OSSIndex", + "url": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-0114", + "name": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-0114" + }, + { + "source": "OSSIndex", + "url": "http:\/\/commons.apache.org\/proper\/commons-beanutils\/javadocs\/v1.9.2\/RELEASE-NOTES.txt", + "name": "http:\/\/commons.apache.org\/proper\/commons-beanutils\/javadocs\/v1.9.2\/RELEASE-NOTES.txt" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E", + "name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74" + }, + { + "source": "CONFIRM", + "url": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676091", + "name": "http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21676091" + }, + { + "source": "OSSIndex", + "url": "https:\/\/issues.apache.org\/jira\/browse\/BEANUTILS-463", + "name": "https:\/\/issues.apache.org\/jira\/browse\/BEANUTILS-463" + } + ], + "vulnerableSoftware": [ + { + "software": { + "id": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*", + "vulnerabilityIdMatched": "true", + "versionEndIncluding": "1.9.1" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*" + } + } + ] + }, + { + "source": "NVD", + "name": "CVE-2019-10086", + "severity": "HIGH", + "cvssv2": { + "score": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authenticationr": "NONE", + "confidentialImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "severity": "HIGH", + "version": "2.0", + "exploitabilityScore": "10.0", + "impactScore": "6.4" + }, + "cvssv3": { + "baseScore": 7.3, + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseSeverity": "HIGH", + "exploitabilityScore": "3.9", + "impactScore": "3.4", + "version": "3.1" + }, + "cwes": [ + "CWE-502" + ], + "description": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.", + "notes": "", + "references": [ + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E", + "name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin." + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpujan2021.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpujan2021.html" + }, + { + "source": "FEDORA", + "url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce@lists.fedoraproject.org\/message\/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO\/", + "name": "FEDORA-2019-79b5790566" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0805", + "name": "RHSA-2020:0805" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "N\/A", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html", + "name": "N\/A" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E", + "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix" + }, + { + "source": "OSSINDEX", + "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/9dd388b6-e51b-4261-9a0d-76f9aeb4f153?component-type=maven&component-name=commons-beanutils.commons-beanutils&utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0", + "name": "[CVE-2019-10086] In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added wh..." + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4." + }, + { + "source": "MLIST", + "url": "http:\/\/mail-archives.apache.org\/mod_mbox\/www-announce\/201908.mbox\/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e", + "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default." + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E", + "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "OSSIndex", + "url": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-10086", + "name": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuApr2021.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpuApr2021.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0811", + "name": "RHSA-2020:0811" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpujul2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpujul2020.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "SUSE", + "url": "http:\/\/lists.opensuse.org\/opensuse-security-announce\/2019-09\/msg00007.html", + "name": "openSUSE-SU-2019:2058" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0057", + "name": "RHSA-2020:0057" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0804", + "name": "RHSA-2020:0804" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E", + "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E", + "name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E", + "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4." + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E", + "name": "[atlas-commits] 20201023 [atlas] 01\/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0806", + "name": "RHSA-2020:0806" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E", + "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix" + }, + { + "source": "N\/A", + "url": "https:\/\/www.oracle.com\/\/security-alerts\/cpujul2021.html", + "name": "N\/A" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E", + "name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E", + "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2020:0194", + "name": "RHSA-2020:0194" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E", + "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E", + "name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E", + "name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E", + "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E", + "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2021.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2021.html" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:4317", + "name": "RHSA-2019:4317" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.debian.org\/debian-lts-announce\/2019\/08\/msg00030.html", + "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update" + }, + { + "source": "FEDORA", + "url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce@lists.fedoraproject.org\/message\/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF\/", + "name": "FEDORA-2019-bcad44b5d6" + } + ], + "vulnerableSoftware": [ + { + "software": { + "id": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*", + "vulnerabilityIdMatched": "true", + "versionStartIncluding": "1.0", + "versionEndIncluding": "1.9.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.5.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.5.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.2.0", + "versionEndIncluding": "16.2.11" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.12.0", + "versionEndIncluding": "17.12.6" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.3.0.1.0", + "versionEndIncluding": "4.3.0.6.0" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*" + } + } + ] + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-digester3-3.2.jar", + "filePath": ".m2\\repository\\org\\apache\\commons\\commons-digester3\\3.2\\commons-digester3-3.2.jar", + "md5": "41d2c62c7aedafa7a3627794abc83f71", + "sha1": "c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79", + "sha256": "1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec", + "description": "\n The Apache Commons Digester package lets you configure an XML to Java\n object mapping module which triggers certain actions called rules whenever\n a particular pattern of nested XML elements is recognized.\n ", + "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-digester3" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "digester" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "digester3" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "rules" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/commons.apache.org\/digester\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.digester" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build", + "value": "tags\/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "org.apache" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-digester3" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Digester" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/digester\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-digester3" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "digester" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "digester3" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "rules" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/commons.apache.org\/digester\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Apache Commons Digester" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.digester" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build", + "value": "tags\/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Apache Commons Digester" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Apache Commons Digester" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-digester3" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Digester" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/digester\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "3.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "3.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "3.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "3.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.apache.commons\/commons-digester3@3.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.apache.commons\/commons-digester3@3.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-io-2.11.0.jar", + "filePath": ".m2\\repository\\commons-io\\commons-io\\2.11.0\\commons-io-2.11.0.jar", + "md5": "3b4b7ccfaeceeac240b804839ee1a1ca", + "sha1": "a2503f302b11ebde7ebc3df41daebe0e4eea3689", + "sha256": "961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908", + "description": "\nThe Apache Commons IO library contains utility classes, stream implementations, file filters,\nfile comparators, endian transformation classes, and much more.\n ", + "license": "https:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-io" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "file" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "io" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.io" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-io\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.commons-io" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-io" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-io" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons IO" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-io" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "file" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "io" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.io" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-io\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Apache Commons IO" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.commons-io" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Apache Commons IO" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Apache Commons IO" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-io" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-io" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons IO" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.11.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.11.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "2.11.0" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "2.11.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.11.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/commons-io\/commons-io@2.11.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/commons-io\/commons-io@2.11.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_io&cpe_version=cpe%3A%2F%3Aapache%3Acommons_io%3A2.11.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-lang3-3.12.0.jar", + "filePath": ".m2\\repository\\org\\apache\\commons\\commons-lang3\\3.12.0\\commons-lang3-3.12.0.jar", + "md5": "19fe50567358922bdad277959ea69545", + "sha1": "c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e", + "sha256": "d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e", + "description": "\n Apache Commons Lang, a package of Java utility classes for the\n classes that are in java.lang's hierarchy, or are considered to be so\n standard as to justify existence in java.lang.\n ", + "license": "https:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-lang3" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "lang3" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.lang3" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-lang\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.lang3" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-lang3" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Lang" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-lang\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-lang3" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "lang3" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.lang3" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-lang\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Apache Commons Lang" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.lang3" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Apache Commons Lang" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Apache Commons Lang" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-lang3" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Lang" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-lang\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "3.12.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "3.12.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "3.12.0" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "3.12.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "3.12.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.apache.commons\/commons-lang3@3.12.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.apache.commons\/commons-lang3@3.12.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-logging-1.1.1.jar", + "filePath": ".m2\\repository\\commons-logging\\commons-logging\\1.1.1\\commons-logging-1.1.1.jar", + "md5": "ed448347fc0104034aa14c8189bf37de", + "sha1": "5043bfebc3db072ed80fbd362e7caf00e885d8ae", + "sha256": "ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f", + "description": "Commons Logging is a thin adapter allowing configurable bridging to other,\n well known logging systems.", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-logging" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "logging" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "extension-name", + "value": "org.apache.commons.logging" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "org.apache" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-logging" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-logging" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Commons Logging" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/logging" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-logging" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "logging" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "extension-name", + "value": "org.apache.commons.logging" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Jakarta Commons Logging" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Jakarta Commons Logging" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-logging" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "commons-logging" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Commons Logging" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/commons.apache.org\/logging" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.1.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "1.1.1" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "1.1.1" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.1.1" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/commons-logging\/commons-logging@1.1.1", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/commons-logging\/commons-logging@1.1.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "commons-text-1.9.jar", + "filePath": ".m2\\repository\\org\\apache\\commons\\commons-text\\1.9\\commons-text-1.9.jar", + "md5": "c1c130c369aa86bfe4f7a7a920bc0223", + "sha1": "ba6ac8c2807490944a0a27f6f8e68fb5ed2e80e2", + "sha256": "0812f284ac5dd0d617461d9a2ab6ac6811137f25122dfffd4788a4871e732d00", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "license": "https:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-text" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "text" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.text" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-text" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.commons-text" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "The Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "commons-text" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Text" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-text" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "commons-text" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "commons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "text" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.apache.commons.text" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "1.8" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/commons.apache.org\/proper\/commons-text" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Apache Commons Text" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.apache.commons.commons-text" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "Apache Commons Text" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "Apache Commons Text" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "commons-text" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.apache.commons" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Apache Commons Text" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "commons-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/commons.apache.org\/proper\/commons-text" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.9" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "1.9" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "1.9" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.9" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.apache.commons\/commons-text@1.9", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.apache.commons\/commons-text@1.9?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "dom4j-2.1.3.jar", + "filePath": ".m2\\repository\\org\\dom4j\\dom4j\\2.1.3\\dom4j-2.1.3.jar", + "md5": "41efcf234c5a05a8c590f9b51d53ca66", + "sha1": "a75914155a9f5808963170ec20653668a2ffd2fd", + "sha256": "549f3007c6290f6a901e57d1d331b4ed0e6bf7384f78bf10316ffceeca834de6", + "description": "flexible XML framework for Java", + "license": "BSD 3-clause New License: https:\/\/github.com\/dom4j\/dom4j\/blob\/master\/LICENSE", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "dom4j" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom4j" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "dom4j" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "dom4j" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.dom4j" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "dom4j" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/dom4j.github.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "dom4j" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom4j" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "dom4j" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.dom4j" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "dom4j" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/dom4j.github.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.1.3" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.1.3" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.dom4j\/dom4j@2.1.3", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.dom4j\/dom4j@2.1.3?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:dom4j_project:dom4j:2.1.3:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.3" + } + ] + }, + { + "isVirtual": false, + "fileName": "error_prone_annotations-2.9.0.jar", + "filePath": ".m2\\repository\\com\\google\\errorprone\\error_prone_annotations\\2.9.0\\error_prone_annotations-2.9.0.jar", + "md5": "682f270f253a5f96458b5ebcb25e62a9", + "sha1": "74fe3b8b4f3fc84dc940d0ca4c4b270dbc902764", + "sha256": "f947bdc33ae27a6b4aa44799e6c21e1944797bd0010ba43eb82d11446e163694", + "license": "Apache 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "error_prone_annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "errorprone" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "google" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.google.errorprone.annotations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "error_prone_annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.errorprone" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "error-prone annotations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "error_prone_parent" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "error_prone_annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "errorprone" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "google" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.google.errorprone.annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "error_prone_annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.errorprone" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "error-prone annotations" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "error_prone_parent" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.9.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.9.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.google.errorprone\/error_prone_annotations@2.9.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.google.errorprone\/error_prone_annotations@2.9.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "gson-2.8.9.jar", + "filePath": ".m2\\repository\\com\\google\\code\\gson\\gson\\2.8.9\\gson-2.8.9.jar", + "md5": "e67627f67e03301092dc7de0a2d7cef8", + "sha1": "8a432c1d6825781e21a02db2e2c33c5fde2833b9", + "sha256": "d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e", + "description": "Gson JSON library", + "license": "Apache-2.0: https:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "gson" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "google" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-contactaddress", + "value": "https:\/\/github.com\/google\/gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/github.com\/google\/gson\/gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "JavaSE-1.6, JavaSE-1.7, JavaSE-1.8" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.google.gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.6))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "gson" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.gson" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "gson-parent" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "gson" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "google" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "gson" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-contactaddress", + "value": "https:\/\/github.com\/google\/gson" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/github.com\/google\/gson\/gson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "Gson" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "JavaSE-1.6, JavaSE-1.7, JavaSE-1.8" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.google.gson" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.6))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "gson" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.gson" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Gson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "gson-parent" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.8.9" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.8.9" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.8.9" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.google.code.gson\/gson@2.8.9", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.google.code.gson\/gson@2.8.9?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "j2html-1.4.0.jar", + "filePath": ".m2\\repository\\com\\j2html\\j2html\\1.4.0\\j2html-1.4.0.jar", + "md5": "ee3e8801cbdf530b42f9807faffed02c", + "sha1": "75078093f78d7c7fed8a1fc88a6c70cb2ac67898", + "sha256": "d93613e6ee26c374214a43ad11eee3113a05d06db3be0392aedf5b817aabe14b", + "description": "Java to HTML builder with a fluent API", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "j2html" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "j2html" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.j2html" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "j2html" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.j2html" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "j2html" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/j2html.com" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "j2html" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "j2html" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "j2html" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.j2html" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "j2html" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.j2html" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "j2html" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/j2html.com" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.4.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "1.4.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.4.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.j2html\/j2html@1.4.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.j2html\/j2html@1.4.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "javax.annotation-api-1.3.2.jar", + "filePath": ".m2\\repository\\javax\\annotation\\javax.annotation-api\\1.3.2\\javax.annotation-api-1.3.2.jar", + "md5": "2ab1973eefffaa2aeec47d50b9e40b9d", + "sha1": "934c04d3cfef185a8008e7bf34331b79730a9d43", + "sha256": "e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b", + "description": "Common Annotations for the JavaTM Platform API", + "license": "CDDL + GPLv2 with classpath exception: https:\/\/github.com\/javaee\/javax.annotation\/blob\/master\/LICENSE", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "javax.annotation-api" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotation" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "javax" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "java.annotation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/javaee.github.io\/glassfish" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "javax.annotation-api" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "extension-name", + "value": "javax.annotation" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "GlassFish Community" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "org.glassfish" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "Oracle Corporation" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "javax.annotation-api" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "javax.annotation" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "${extension.name} API" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "GlassFish Community" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "https:\/\/javaee.github.io\/glassfish" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "jvnet-parent" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "net.java" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/jcp.org\/en\/jsr\/detail?id=250" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "javax.annotation-api" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotation" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "javax" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "java.annotation" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/javaee.github.io\/glassfish" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "javax.annotation API" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "javax.annotation-api" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "extension-name", + "value": "javax.annotation" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "javax.annotation-api" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "javax.annotation" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "${extension.name} API" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "GlassFish Community" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "https:\/\/javaee.github.io\/glassfish" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "jvnet-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "net.java" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/jcp.org\/en\/jsr\/detail?id=250" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.3.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "1.3.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "1.3.2" + }, + { + "type": "version", + "confidence": "LOW", + "source": "pom", + "name": "parent-version", + "value": "1.3.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.3.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/javax.annotation\/javax.annotation-api@1.3.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/javax.annotation\/javax.annotation-api@1.3.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "jaxen-1.2.0.jar", + "filePath": ".m2\\repository\\jaxen\\jaxen\\1.2.0\\jaxen-1.2.0.jar", + "md5": "c32cf69356254b8f5050fce6e86358e9", + "sha1": "c10535a925bd35129a4329bc75065cc6b5293f2c", + "sha256": "70feef9dd75ad064def05a3ce8975aeba515ee7d1be146d12199c8828a64174c", + "description": "Jaxen is a universal XPath engine for Java.", + "license": "BSD License 2.0: https:\/\/raw.githubusercontent.com\/jaxen-xpath\/jaxen\/master\/LICENSE.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:runtime" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xpath" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jaxen" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "The Jaxen Project" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xpath" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jaxen" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "The Jaxen Project" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/www.cafeconleche.org\/jaxen" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.2.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "1.2.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.2.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/jaxen\/jaxen@1.2.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/jaxen\/jaxen@1.2.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "jcip-annotations-1.0.jar", + "filePath": ".m2\\repository\\net\\jcip\\jcip-annotations\\1.0\\jcip-annotations-1.0.jar", + "md5": "9d5272954896c5a5d234f66b7372b17a", + "sha1": "afba4942caaeaf46aab0b976afd57cc7c181467e", + "sha256": "be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jcip-annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jcip" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "jcip" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jcip-annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.jcip" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "\"Java Concurrency in Practice\" book annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/jcip.net\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jcip-annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jcip" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "jcip" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jcip-annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.jcip" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "\"Java Concurrency in Practice\" book annotations" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/jcip.net\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/net.jcip\/jcip-annotations@1.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.jcip\/jcip-annotations@1.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "jcommander-1.48.jar", + "filePath": ".m2\\repository\\com\\beust\\jcommander\\1.48\\jcommander-1.48.jar", + "md5": "7a84fb4b01f46c904bd549e67e6c48a1", + "sha1": "bfcb96281ea3b59d626704f74bc6d625ff51cbce", + "sha256": "a7313fcfde070930e40ec79edf3c5948cf34e4f0d25cb3a09f9963d8bdd84113", + "description": "A Java framework to parse command line options with annotations.", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jcommander" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "beust" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jcommander" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.beust.jcommander" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jcommander" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.beust" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JCommander" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/beust.com\/jcommander" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jcommander" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "beust" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jcommander" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "JCommander" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.beust.jcommander" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jcommander" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.beust" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JCommander" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/beust.com\/jcommander" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.48" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.48" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.beust\/jcommander@1.48", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.beust\/jcommander@1.48?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "json-20210307.jar", + "filePath": ".m2\\repository\\org\\json\\json\\20210307\\json-20210307.jar", + "md5": "f73834fd29b71806597a4c6ace15170a", + "sha1": "528c8df3757e8bcf151817b1d7b9b434f6aa08d5", + "sha256": "e2c55b1fc13ce0f9b227a4981ee44157ca2c68616bc71f058ff83acaa632876e", + "description": "\n JSON is a light-weight, language independent, data interchange format.\n See http:\/\/www.JSON.org\/\n\n The files in this package implement JSON encoders\/decoders in Java.\n It also includes the capability to convert between JSON and XML, HTTP\n headers, Cookies, and CDL.\n\n This is a reference implementation. There is a large number of JSON packages\n in Java. Perhaps someday the Java community will standardize on one. Until\n then, choose carefully.\n\n The license includes this restriction: \"The software shall be used for good,\n not evil.\" If your conscience cannot live with that, then choose a different\n package.\n ", + "license": "The JSON License: http:\/\/json.org\/license.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "json-20210307" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "cdl" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "http" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "json" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.json" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "json" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.6))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "json" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.json" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JSON in Java" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "douglascrockford\/JSON-java" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "json-20210307" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "cdl" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "http" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "json" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.json" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "JSON in Java" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "json" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.6))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "json" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.json" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JSON in Java" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "url", + "value": "douglascrockford\/JSON-java" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "MEDIUM", + "source": "file", + "name": "version", + "value": "20210307" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "20210307" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.json\/json@20210307", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.json\/json@20210307?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "json-smart-2.4.7.jar", + "filePath": ".m2\\repository\\net\\minidev\\json-smart\\2.4.7\\json-smart-2.4.7.jar", + "md5": "f04005088df03f6efac608a7a5d53cd1", + "sha1": "8d7f4c1530c07c54930935f3da85f48b83b3c109", + "sha256": "28c17ed16ac22e6845743fd1e84321edf5d7735fc216e44ee269d106bf3d8146", + "description": "JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "json-smart" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "json" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "minidev" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "parser" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "net.minidev.json-smart" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "json-smart" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.minidev" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JSON Small and Fast Parser" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "organization name", + "value": "Chemouni Uriel" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "organization url", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/urielch.github.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "json-smart" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "json" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "minidev" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "parser" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "json-smart" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "net.minidev.json-smart" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.8))\"" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "json-smart" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.minidev" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "JSON Small and Fast Parser" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization name", + "value": "Chemouni Uriel" + }, + { + "type": "product", + "confidence": "LOW", + "source": "pom", + "name": "organization url", + "value": "https:\/\/urielch.github.io\/" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/urielch.github.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.4.7" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.4.7" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.4.7" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/net.minidev\/json-smart@2.4.7", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.minidev\/json-smart@2.4.7?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:json-smart_project:json-smart-v2:2.4.7:*:*:*:*:*:*:*", + "confidence": "LOW" + }, + { + "id": "cpe:2.3:a:json_smart_project:json_smart:2.4.7:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajson_smart_project&cpe_product=cpe%3A%2F%3Ajson_smart_project%3Ajson_smart&cpe_version=cpe%3A%2F%3Ajson_smart_project%3Ajson_smart%3A2.4.7" + } + ] + }, + { + "isVirtual": false, + "fileName": "jsr305-3.0.2.jar", + "filePath": ".m2\\repository\\com\\google\\code\\findbugs\\jsr305\\3.0.2\\jsr305-3.0.2.jar", + "md5": "dd83accb899363c32b07d7a1b2e4ce40", + "sha1": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d", + "sha256": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7", + "description": "JSR305 Annotations for Findbugs", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jsr305" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.jsr-305" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jsr305" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.findbugs" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "FindBugs-jsr305" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/findbugs.sourceforge.net\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jsr305" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "FindBugs-jsr305" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "org.jsr-305" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jsr305" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.findbugs" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "FindBugs-jsr305" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/findbugs.sourceforge.net\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "3.0.2" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "3.0.2" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "3.0.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.google.code.findbugs\/jsr305@3.0.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.google.code.findbugs\/jsr305@3.0.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "package.json", + "filePath": "IdeaProjects\\jenkins-analysis-model\\package.json", + "md5": "2ba836492384c612767c5e60414da723", + "sha1": "23007d90adafa577976478cda95cc391aef0a7af", + "sha256": "2ed72e2aa6214995d2ff8bb0ba4bd101f6a6905f8e0df253b7b2b5a3ce2d9a48", + "projectReferences": [ + "Static Analysis Model and Parsers" + ], + "evidenceCollected": { + "vendorEvidence": [], + "productEvidence": [], + "versionEvidence": [] + } + }, + { + "isVirtual": false, + "fileName": "pmd-core-6.40.0.jar", + "filePath": ".m2\\repository\\net\\sourceforge\\pmd\\pmd-core\\6.40.0\\pmd-core-6.40.0.jar", + "md5": "8044ea7fee491a935f06272fff73a0ba", + "sha1": "6561a4ce85effcae889d9f2825f67d2112ee32cd", + "sha256": "b9ef81baa369f505950fbc561ec01ebce8e675e75d9e838a879d91bc68f95af7", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "relatedDependencies": [ + { + "isVirtual": false, + "fileName": "pmd-java-6.40.0.jar", + "filePath": ".m2\\repository\\net\\sourceforge\\pmd\\pmd-java\\6.40.0\\pmd-java-6.40.0.jar", + "sha256": "8a70ef6b54038c6ac36ad7cf6b865796e69956ddf7eb07dd8055d57720e95e79", + "sha1": "d61615339dd288e1b876eda0a7b922f07b267083", + "md5": "e6b1ee5b8feca55ad6b510024b51b7b2", + "packageIds": [ + { + "id": "pkg:maven/net.sourceforge.pmd/pmd-java@6.40.0", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.sourceforge.pmd\/pmd-java@6.40.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + } + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "pmd-core" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "pmd" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sourceforge" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "pmd-core" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.sourceforge.pmd" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "PMD Core" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "pmd" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "pmd-core" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "net" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "pmd" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sourceforge" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "build-jdk-spec", + "value": "11" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "pmd-core" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "net.sourceforge.pmd" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "PMD Core" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "pmd" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "6.40.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "6.40.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/net.sourceforge.pmd\/pmd-core@6.40.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/net.sourceforge.pmd\/pmd-core@6.40.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:pmd_project:pmd:6.40.0:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apmd_project&cpe_product=cpe%3A%2F%3Apmd_project%3Apmd&cpe_version=cpe%3A%2F%3Apmd_project%3Apmd%3A6.40.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "slf4j-api-1.7.32.jar", + "filePath": ".m2\\repository\\org\\slf4j\\slf4j-api\\1.7.32\\slf4j-api-1.7.32.jar", + "md5": "fbcf58513bc25b80f075d812aad3e3cf", + "sha1": "cdcff33940d9f2de763bc41ea05a0be5941176c3", + "sha256": "3624f8474c1af46d75f98bc097d7864a323c81b3808aa43689a6e1c601c027be", + "description": "The slf4j API", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "slf4j-api" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "slf4j" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.slf4j" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "slf4j.api" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "slf4j-api" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.slf4j" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SLF4J API Module" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "slf4j-parent" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/www.slf4j.org" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "slf4j-api" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "slf4j" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "org.slf4j" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "slf4j-api" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "slf4j.api" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "slf4j-api" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "slf4j-api" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "org.slf4j" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SLF4J API Module" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "slf4j-parent" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/www.slf4j.org" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.7.32" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "1.7.32" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "1.7.32" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.7.32" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/org.slf4j\/slf4j-api@1.7.32", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/org.slf4j\/slf4j-api@1.7.32?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "spotbugs-4.5.0.jar", + "filePath": ".m2\\repository\\com\\github\\spotbugs\\spotbugs\\4.5.0\\spotbugs-4.5.0.jar", + "md5": "4070eea1778855abdf86f1740805beb0", + "sha1": "6bc031deec8506968417da46ba4367d159b99d76", + "sha256": "7063b740850a27bafbfd2d4528bec2faf2ebef9845a96efea47e15ccbc8a9317", + "description": "SpotBugs: Because it's easy!", + "license": "GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https:\/\/www.gnu.org\/licenses\/old-licenses\/lgpl-2.1.en.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "spotbugs" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.github.spotbugs.spotbugs" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "spotbugs" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.github.spotbugs" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SpotBugs" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/spotbugs.github.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "spotbugs" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.github.spotbugs.spotbugs" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "spotbugs" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.github.spotbugs" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SpotBugs" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/spotbugs.github.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "4.5.0" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "4.5.0" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "4.5.0" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.github.spotbugs\/spotbugs@4.5.0", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.github.spotbugs\/spotbugs@4.5.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "spotbugs-annotations-4.4.1.jar", + "filePath": ".m2\\repository\\com\\github\\spotbugs\\spotbugs-annotations\\4.4.1\\spotbugs-annotations-4.4.1.jar", + "md5": "e3b081f2b8ec24ad4877be14b7b56a5d", + "sha1": "a409167be27a1b197c0432ebfc421f8f79f9bf41", + "sha256": "fa5d3b17d585868c74c0e25b3c57c17282f9a3328c73ea5259bfd9ac99c6933a", + "description": "Annotations the SpotBugs tool supports", + "license": "GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https:\/\/www.gnu.org\/licenses\/old-licenses\/lgpl-2.1.en.html", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "spotbugs-annotations" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.github.spotbugs.annotations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "spotbugs-annotations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "spotbugs-annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.github.spotbugs" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SpotBugs Annotations" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/spotbugs.github.io\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "spotbugs-annotations" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.github.spotbugs.annotations" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "spotbugs-annotations" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-requiredexecutionenvironment", + "value": "J2SE-1.5" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "spotbugs-annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "spotbugs-annotations" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.github.spotbugs" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "SpotBugs Annotations" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/spotbugs.github.io\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "4.4.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "4.4.1" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "4.4.1" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.github.spotbugs\/spotbugs-annotations@4.4.1", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.github.spotbugs\/spotbugs-annotations@4.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "violations-lib-1.145.4.jar (shaded: com.google.code.gson:gson:2.8.2)", + "filePath": ".m2\\repository\\se\\bjurr\\violations\\violations-lib\\1.145.4\\violations-lib-1.145.4.jar\\META-INF\/maven\/com.google.code.gson\/gson\/pom.xml", + "md5": "cd4f370197bd707193590374ef143bdf", + "sha1": "b6741c121370dbe1e40ec7dcf38f35d05099ffae", + "sha256": "91b9f17a54e6c340c8d3ea4b359401170706eb26a82d51909abe6ba80081aed8", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "gson" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.gson" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Gson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "gson-parent" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "gson" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "com.google.code.gson" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Gson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "gson-parent" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.8.2" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.google.code.gson\/gson@2.8.2", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.google.code.gson\/gson@2.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "violations-lib-1.145.4.jar", + "filePath": ".m2\\repository\\se\\bjurr\\violations\\violations-lib\\1.145.4\\violations-lib-1.145.4.jar", + "md5": "a862faf5edc642aeda327349a1dcf2da", + "sha1": "fa7082b8a3de6b2ec21e409d07a420ff55e32099", + "sha256": "65307716a0af4615bf2f06108fb18ba2ca449cb1a5c22b3af4fd75589166a89a", + "description": "'Library for parsing report files from static code analysis'", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "violations-lib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "bjurr" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "bjurr" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "lib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "se" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "se" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "violations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "violations" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "violations-lib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "se.bjurr.violations" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "violations-lib" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "tomasbjerre\/violations-lib" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "violations-lib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "bjurr" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "bjurr" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "lib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "se" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "violations" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "violations" + }, + { + "type": "product", + "confidence": "LOW", + "source": "jar", + "name": "package name", + "value": "violationslib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "violations-lib" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "se.bjurr.violations" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "violations-lib" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "url", + "value": "tomasbjerre\/violations-lib" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.145.4" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.145.4" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/se.bjurr.violations\/violations-lib@1.145.4", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/se.bjurr.violations\/violations-lib@1.145.4?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + }, + { + "isVirtual": false, + "fileName": "xercesImpl-2.12.1.jar", + "filePath": ".m2\\repository\\xerces\\xercesImpl\\2.12.1\\xercesImpl-2.12.1.jar", + "md5": "9f82c362c893779109c1de812c5d4deb", + "sha1": "3a206b25679f598a03374afd4e0410d8849b088b", + "sha256": "ae0c329a3187178c8e7b0369a5346845e426062ffbb8a08fc68ced6affe6c626", + "description": "\n Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.\n\n The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.\n\n Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.\n\n Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load\/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.\n\n Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load\/save APIs are in use. \n\t", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "xercesImpl" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "datatypes" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "parsers" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "serialize" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "version" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "w3c" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xerces" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xinclude" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xni" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/impl\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/xni\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Implementation-Vendor", + "value": "World Wide Web Consortium" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Implementation-Vendor", + "value": "World Wide Web Consortium" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Implementation-Vendor", + "value": "David Megginson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "xercesImpl" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "xerces" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Xerces2-j" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "https:\/\/xerces.apache.org\/xerces2-j\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "xercesImpl" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "datatype" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "datatypes" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "impl" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "parsers" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "serialize" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "validation" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "version" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "w3c" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xerces" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xinclude" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xni" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xpath" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Implementation-Title", + "value": "javax.xml.datatype" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Implementation-Title", + "value": "javax.xml.namespace" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Implementation-Title", + "value": "javax.xml.parsers" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Implementation-Title", + "value": "javax.xml.stream" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Specification-Title", + "value": "Streaming API for XML" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Implementation-Title", + "value": "javax.xml.transform" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Implementation-Title", + "value": "javax.xml.validation" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Implementation-Title", + "value": "javax.xml.xpath" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Specification-Title", + "value": "Java API for XML Processing" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/impl\/", + "name": "Implementation-Title", + "value": "org.apache.xerces.impl.Version" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/xni\/", + "name": "Implementation-Title", + "value": "org.apache.xerces.xni" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/xni\/", + "name": "Specification-Title", + "value": "Xerces Native Interface" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Implementation-Title", + "value": "org.w3c.dom" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Specification-Title", + "value": "Document Object Model, Level 3 Core" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Implementation-Title", + "value": "org.w3c.dom.ls" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Specification-Title", + "value": "Document Object Model, Level 3 Load and Save" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Implementation-Title", + "value": "org.xml.sax" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Specification-Title", + "value": "Simple API for XML" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "xercesImpl" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "xerces" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "Xerces2-j" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "https:\/\/xerces.apache.org\/xerces2-j\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.12.1" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xerces\/impl\/", + "name": "Implementation-Version", + "value": "2.12.1" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.12.1" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/xerces\/xercesImpl@2.12.1", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/xerces\/xercesImpl@2.12.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:apache:xerces2_java:2.12.1:*:*:*:*:*:*:*", + "confidence": "LOW" + } + ] + }, + { + "isVirtual": false, + "fileName": "xml-apis-1.4.01.jar", + "filePath": ".m2\\repository\\xml-apis\\xml-apis\\1.4.01\\xml-apis-1.4.01.jar", + "md5": "7eaad6fea5925cca6c36ee8b3e02ac9d", + "sha1": "3789d9fada2d3d458c4ba2de349d48780f381ee3", + "sha256": "a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad", + "description": "xml-commons provides an Apache-hosted set of DOM, SAX, and \n JAXP interfaces for use in other xml-based projects. Our hope is that we \n can standardize on both a common version and packaging scheme for these \n critical XML standards interfaces to make the lives of both our developers \n and users easier. The External Components portion of xml-commons contains \n interfaces that are defined by external standards organizations. For DOM, \n that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for \n JAXP it's Sun.", + "license": "The Apache Software License, Version 2.0: http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt\nThe SAX License: http:\/\/www.saxproject.org\/copying.html\nThe W3C License: http:\/\/www.w3.org\/TR\/2004\/REC-DOM-Level-3-Core-20040407\/java-binding.zip", + "projectReferences": [ + "Static Analysis Model and Parsers:compile" + ], + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "xml-apis" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sax" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "version" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "w3c" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xmlcommons\/Version", + "name": "Implementation-Vendor", + "value": "Apache Software Foundation" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Implementation-Vendor", + "value": "World Wide Web Consortium" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Implementation-Vendor", + "value": "World Wide Web Consortium" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Implementation-Vendor", + "value": "David Megginson" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "xml-apis" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "xml-apis" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "XML Commons External Components XML APIs" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/xml.apache.org\/commons\/components\/external\/" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "xml-apis" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "apache" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "datatype" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "document" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "dom" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "javax" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "ls" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "namespace" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "parsers" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "sax" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "stax" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "stream" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "transform" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "validation" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "version" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "w3c" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xml" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xmlcommons" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "xpath" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Implementation-Title", + "value": "javax.xml.datatype" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Implementation-Title", + "value": "javax.xml.namespace" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Implementation-Title", + "value": "javax.xml.parsers" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Implementation-Title", + "value": "javax.xml.stream" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Specification-Title", + "value": "Streaming API for XML (StAX) 1.0" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Implementation-Title", + "value": "javax.xml.transform" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Implementation-Title", + "value": "javax.xml.validation" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Implementation-Title", + "value": "javax.xml.xpath" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Specification-Title", + "value": "Java API for XML Processing (JAXP) 1.4" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xmlcommons\/Version", + "name": "Implementation-Title", + "value": "org.apache.xmlcommons.Version" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Implementation-Title", + "value": "org.w3c.dom" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/", + "name": "Specification-Title", + "value": "Document Object Model (DOM) Level 3 Core" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Implementation-Title", + "value": "org.w3c.dom.ls" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/w3c\/dom\/ls\/", + "name": "Specification-Title", + "value": "Document Object Model (DOM) Level 3 Load and Save" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Implementation-Title", + "value": "org.xml.sax" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "manifest: org\/xml\/sax\/", + "name": "Specification-Title", + "value": "Simple API for XML" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "xml-apis" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "xml-apis" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "XML Commons External Components XML APIs" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/xml.apache.org\/commons\/components\/external\/" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/datatype\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/namespace\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/parsers\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/stream\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/transform\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/validation\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: javax\/xml\/xpath\/", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "MEDIUM", + "source": "manifest: org\/apache\/xmlcommons\/Version", + "name": "Implementation-Version", + "value": "1.4.01" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "1.4.01" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/xml-apis\/xml-apis@1.4.01", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/xml-apis\/xml-apis@1.4.01?utm_source=dependency-check&utm_medium=integration&utm_content=6.5.0" + } + ] + } + ] +} \ No newline at end of file