Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.0.3Report Generated On : Tue, 6 Apr 2021 08:54:59 GMTDependencies Scanned : 96 (96 unique)Vulnerable Dependencies : 0 Vulnerabilities Found : 0Vulnerabilities Suppressed : 116... NVD CVE Checked : 2021-04-06T07:17:49NVD CVE Modified : 2021-04-06T05:01:46VersionCheckOn : 2021-03-15T15:02:51Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies apache-mime4j-0.6.jarDescription:
Java stream based MIME message parser License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/jenkins/.mvnrepository/org/apache/james/apache-mime4j/0.6/apache-mime4j-0.6.jar
MD5: e90fb1ab3f8145ad00def6359da22faf
SHA1: 945007627e8d12275d755081a9e609c018e1210d
SHA256: fd7dde90195ba1aea3cfacb95b3022b2499adf676d1bc896d0fa5c257b596c6c
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid apache-mime4j Low Vendor jar package name mime4j Highest Vendor pom groupid org.apache.james Highest Vendor pom parent-groupid org.apache.james Medium Vendor pom parent-artifactid james-project Low Vendor jar package name parser Highest Vendor pom url http://james.apache.org/mime4j Highest Vendor jar package name message Highest Vendor Manifest url http://james.apache.org/mime4j Low Vendor jar package name james Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Vendor Manifest bundle-symbolicname org.apache.james.apache-mime4j Medium Vendor file name apache-mime4j High Vendor pom groupid apache.james Highest Vendor pom name Apache JAMES Mime4j High Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name Apache JAMES Mime4j Medium Product pom parent-artifactid james-project Medium Product pom artifactid apache-mime4j Highest Product jar package name mime4j Highest Product pom parent-groupid org.apache.james Medium Product jar package name parser Highest Product jar package name message Highest Product Manifest url http://james.apache.org/mime4j Low Product Manifest Implementation-Title Apache Mime4j High Product jar package name james Highest Product jar package name apache Highest Product Manifest specification-title Apache Mime4j Medium Product Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Product pom url http://james.apache.org/mime4j Medium Product Manifest bundle-symbolicname org.apache.james.apache-mime4j Medium Product file name apache-mime4j High Product pom groupid apache.james Highest Product pom name Apache JAMES Mime4j High Version file version 0.6 High Version pom version 0.6 Highest Version Manifest Bundle-Version 0.6 High Version Manifest Implementation-Version 0.6 High Version pom parent-version 0.6 Low
apiguardian-api-1.1.0.jarDescription:
@API Guardian License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/apiguardian/apiguardian-api/1.1.0/apiguardian-api-1.1.0.jar
MD5: 944805817b648e558ed6be6fc7f054f3
SHA1: fc9dff4bb36d627bdc553de77e1f17efd790876c
SHA256: a9aae9ff8ae3e17a2a18f79175e82b16267c246fbbd3ca9dfbbb290b08dcfdd4
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-revision e7f98b22d3b2a54033711e2666a047d1066b0b25 Low Vendor Manifest build-time 21:07:38.516+0200 Low Vendor pom groupid apiguardian Highest Vendor Manifest Implementation-Vendor apiguardian.org High Vendor jar package name apiguardian Highest Vendor pom artifactid apiguardian-api Low Vendor Manifest build-date 2019-06-06 Low Vendor Manifest specification-vendor apiguardian.org Low Vendor pom groupid org.apiguardian Highest Vendor pom name org.apiguardian:apiguardian-api High Vendor jar package name api Highest Vendor pom url apiguardian-team/apiguardian Highest Vendor file name apiguardian-api High Product Manifest build-revision e7f98b22d3b2a54033711e2666a047d1066b0b25 Low Product Manifest build-time 21:07:38.516+0200 Low Product pom groupid apiguardian Highest Product pom artifactid apiguardian-api Highest Product pom url apiguardian-team/apiguardian High Product jar package name apiguardian Highest Product Manifest build-date 2019-06-06 Low Product Manifest Implementation-Title apiguardian-api High Product pom name org.apiguardian:apiguardian-api High Product jar package name api Highest Product Manifest specification-title apiguardian-api Medium Product file name apiguardian-api High Version pom version 1.1.0 Highest Version file version 1.1.0 High Version Manifest Implementation-Version 1.1.0 High
arc-1.2.0.Final.jarFile Path: /home/jenkins/.mvnrepository/io/quarkus/arc/arc/1.2.0.Final/arc-1.2.0.Final.jarMD5: 407b54e2c412dfa51b8dc739149def9eSHA1: 8ca3834e147a87ef27da11abcbf4da73fa3f4e7fSHA256: 2b86becbf25944307b5b6b442b749d6a79dbd206afc338ab776183d332d2007eReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name arc High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom groupid io.quarkus.arc Highest Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor jar package name arc Highest Vendor Manifest Implementation-Vendor-Id io.quarkus.arc Medium Vendor pom artifactid arc Low Vendor Manifest implementation-url http://www.jboss.org/arc-parent/arc Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom name ArC - Runtime High Vendor pom parent-artifactid arc-parent Low Vendor Manifest os-name Linux Medium Product pom parent-artifactid arc-parent Medium Product pom artifactid arc Highest Product file name arc High Product Manifest os-arch amd64 Low Product jar package name quarkus Highest Product pom groupid io.quarkus.arc Highest Product jar package name arc Highest Product jar package name io Highest Product Manifest implementation-url http://www.jboss.org/arc-parent/arc Low Product Manifest Implementation-Title ArC - Runtime High Product Manifest specification-title ArC - Runtime Medium Product pom name ArC - Runtime High Product Manifest os-name Linux Medium Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
automaton-1.11-8.jarDescription:
A DFA/NFA (finite-state automata) implementation with
Unicode alphabet (UTF16) and support for the standard regular
expression operations (concatenation, union, Kleene star) and a number
of non-standard ones (intersection, complement, etc.) License:
BSD: http://www.opensource.org/licenses/bsd-license.php File Path: /home/jenkins/.mvnrepository/dk/brics/automaton/automaton/1.11-8/automaton-1.11-8.jar
MD5: 3467dcbbba2fe68a4e07a5826988e034
SHA1: 6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f
SHA256: a24475f6ccfe1cc7a4fe9e34e05ce687b0ce0c6e8cb781e0eced3b186482c61e
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom url http://www.brics.dk/automaton/ Highest Vendor pom name Automaton High Vendor pom groupid dk.brics.automaton Highest Vendor pom artifactid automaton Low Vendor jar package name state Highest Vendor jar package name automaton Highest Vendor jar package name brics Low Vendor jar package name brics Highest Vendor jar package name automaton Low Vendor file name automaton High Vendor jar package name dk Highest Vendor jar package name dk Low Product pom url http://www.brics.dk/automaton/ Medium Product jar package name automaton Highest Product jar package name brics Low Product pom name Automaton High Product pom groupid dk.brics.automaton Highest Product jar package name brics Highest Product jar package name automaton Low Product file name automaton High Product pom artifactid automaton Highest Product jar package name dk Highest Product jar package name state Highest Version pom version 1.11-8 Highest
bcpkix-jdk15on-1.60.jarDescription:
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html File Path: /home/jenkins/.mvnrepository/org/bouncycastle/bcpkix-jdk15on/1.60/bcpkix-jdk15on-1.60.jar
MD5: edc6f012c19cf74d70964187a4ab32ba
SHA1: d0c46320fbc07be3a24eb13a56cee4e3d38e0c75
SHA256: a82ac5bc24bcbf6ba9eb70f334d6782e25245c8da36d9848ad553b5b7b68efd1
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname bcpkix Medium Vendor pom groupid org.bouncycastle Highest Vendor Manifest application-library-allowable-codebase * Low Vendor jar package name cmp Highest Vendor file name bcpkix-jdk15on High Vendor jar package name crmf Highest Vendor jar package name bouncycastle Highest Vendor jar package name cms Highest Vendor Manifest specification-vendor BouncyCastle.org Low Vendor pom groupid bouncycastle Highest Vendor Manifest trusted-library true Low Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest permissions all-permissions Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest originally-created-by 25.171-b11 (Oracle Corporation) Low Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest application-name Bouncy Castle PKIX API Medium Vendor jar package name pkcs Highest Vendor jar package name tsp Highest Vendor Manifest caller-allowable-codebase * Low Vendor pom url http://www.bouncycastle.org/java.html Highest Vendor jar package name pkix Highest Vendor pom artifactid bcpkix-jdk15on Low Vendor Manifest automatic-module-name org.bouncycastle.pkix Medium Vendor Manifest extension-name org.bouncycastle.bcpkix Medium Vendor Manifest codebase * Low Vendor jar package name eac Highest Vendor jar package name ocsp Highest Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Product Manifest bundle-symbolicname bcpkix Medium Product Manifest application-library-allowable-codebase * Low Product jar package name cmp Highest Product file name bcpkix-jdk15on High Product jar package name crmf Highest Product jar package name bouncycastle Highest Product jar package name cms Highest Product pom groupid bouncycastle Highest Product Manifest trusted-library true Low Product Manifest permissions all-permissions Low Product pom url http://www.bouncycastle.org/java.html Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest originally-created-by 25.171-b11 (Oracle Corporation) Low Product pom artifactid bcpkix-jdk15on Highest Product Manifest application-name Bouncy Castle PKIX API Medium Product jar package name pkcs Highest Product jar package name tsp Highest Product Manifest caller-allowable-codebase * Low Product Manifest Bundle-Name bcpkix Medium Product jar package name pkix Highest Product Manifest automatic-module-name org.bouncycastle.pkix Medium Product Manifest extension-name org.bouncycastle.bcpkix Medium Product Manifest codebase * Low Product jar package name eac Highest Product jar package name ocsp Highest Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Version Manifest Bundle-Version 1.60 High Version pom version 1.60 Highest Version file version 1.60 High
bcprov-jdk15on-1.68.jarDescription:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html File Path: /home/jenkins/.mvnrepository/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar
MD5: f34043ac8be2793843364b4406a15543
SHA1: 46a080368d38b428d237a59458f9bc915222894d
SHA256: f732a46c8de7e2232f2007c682a21d1f4cc8a8a0149b6b7bd6aa1afdc65a0f8d
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.bouncycastle Highest Vendor Manifest application-library-allowable-codebase * Low Vendor jar package name org Highest Vendor jar package name bouncycastle Highest Vendor Manifest specification-vendor BouncyCastle.org Low Vendor file name bcprov-jdk15on High Vendor pom groupid bouncycastle Highest Vendor Manifest trusted-library true Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest permissions all-permissions Low Vendor pom artifactid bcprov-jdk15on Low Vendor Manifest originally-created-by 25.275-b01 (Private Build) Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom name Bouncy Castle Provider High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor jar package name provider Highest Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest multi-release true Low Vendor jar package name crypto Highest Vendor Manifest application-name Bouncy Castle Provider Medium Vendor jar package name jce Highest Vendor pom url http://www.bouncycastle.org/java.html Highest Vendor Manifest codebase * Low Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest application-library-allowable-codebase * Low Product Manifest Bundle-Name bcprov Medium Product jar package name org Highest Product jar package name bouncycastle Highest Product file name bcprov-jdk15on High Product pom groupid bouncycastle Highest Product Manifest trusted-library true Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest permissions all-permissions Low Product Manifest originally-created-by 25.275-b01 (Private Build) Low Product pom url http://www.bouncycastle.org/java.html Medium Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom name Bouncy Castle Provider High Product jar package name provider Highest Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest multi-release true Low Product jar package name crypto Highest Product Manifest application-name Bouncy Castle Provider Medium Product jar package name jce Highest Product pom artifactid bcprov-jdk15on Highest Product Manifest codebase * Low Product Manifest automatic-module-name org.bouncycastle.provider Medium Version Manifest Bundle-Version 1.68 High Version pom version 1.68 Highest Version file version 1.68 High
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.68 (Confidence :High)cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.68:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.68:*:*:*:*:*:*:* (Confidence :Low) suppress btf-1.2.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/com/github/fge/btf/1.2/btf-1.2.jar
MD5: 5c91cd1157e0bb99e77a33b6f42a457c
SHA1: 9e66651022eb86301b348d57e6f59459effc343b
SHA256: 38a380577a186718cb97ee8af58d4f40f7fbfdc23ff68b5f4b3c2c68a1d5c05d
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name fge Highest Vendor pom name null High Vendor jar package name github Highest Vendor pom groupid com.github.fge Highest Vendor file name btf High Vendor pom url fge/btf Highest Vendor pom artifactid btf Low Vendor Manifest bundle-symbolicname com.github.fge.btf Medium Vendor pom groupid github.fge Highest Product jar package name fge Highest Product pom name null High Product Manifest Bundle-Name btf Medium Product pom artifactid btf Highest Product jar package name github Highest Product pom url fge/btf High Product file name btf High Product Manifest bundle-symbolicname com.github.fge.btf Medium Product pom groupid github.fge Highest Version pom version 1.2 Highest Version Manifest Bundle-Version 1.2 High Version file version 1.2 High
checker-qual-2.5.2.jarDescription:
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/jenkins/.mvnrepository/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar
MD5: 04acc78b24bbd365423da357da003cf0
SHA1: cea74543d5904a30861a61b4643a5f2bb372efc4
SHA256: 64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name framework Highest Vendor pom groupid checkerframework Highest Vendor file name checker-qual High Vendor pom artifactid checker-qual Low Vendor jar package name checker Highest Vendor pom name Checker Qual High Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom url https://checkerframework.org Highest Vendor jar package name checkerframework Highest Vendor pom groupid org.checkerframework Highest Vendor jar package name qual Highest Product pom artifactid checker-qual Highest Product jar package name framework Highest Product pom groupid checkerframework Highest Product pom url https://checkerframework.org Medium Product file name checker-qual High Product jar package name checker Highest Product pom name Checker Qual High Product Manifest implementation-url https://checkerframework.org Low Product jar package name checkerframework Highest Product jar package name qual Highest Version pom version 2.5.2 Highest Version file version 2.5.2 High Version Manifest Implementation-Version 2.5.2 High
commons-codec-1.13.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/commons-codec/commons-codec/1.13/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256: 61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor pom name Apache Commons Codec High Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor-Id commons-codec Medium Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor pom artifactid commons-codec Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name encoder Highest Vendor Manifest implementation-url https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid commons-codec Highest Vendor file name commons-codec High Vendor Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product pom name Apache Commons Codec High Product pom parent-groupid org.apache.commons Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product pom artifactid commons-codec Highest Product jar package name codec Highest Product jar package name commons Highest Product Manifest Implementation-Title Apache Commons Codec High Product Manifest specification-title Apache Commons Codec Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid commons-parent Medium Product jar package name encoder Highest Product Manifest implementation-url https://commons.apache.org/proper/commons-codec/ Low Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Codec Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Product file name commons-codec High Product pom groupid commons-codec Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Version pom parent-version 1.13 Low Version pom version 1.13 Highest Version Manifest Implementation-Version 1.13 High Version file version 1.13 High
commons-io-2.6.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256: f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id commons-io Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor file name commons-io High Vendor pom groupid commons-io Highest Vendor jar package name commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache Commons IO High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product pom parent-groupid org.apache.commons Medium Product file name commons-io High Product Manifest specification-title Apache Commons IO Medium Product pom groupid commons-io Highest Product Manifest Implementation-Title Apache Commons IO High Product jar package name commons Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid commons-parent Medium Product Manifest Bundle-Name Apache Commons IO Medium Product pom artifactid commons-io Highest Product jar package name apache Highest Product Manifest bundle-symbolicname org.apache.commons.io Medium Product pom name Apache Commons IO High Product pom url http://commons.apache.org/proper/commons-io/ Medium Version file version 2.6 High Version pom parent-version 2.6 Low Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High
commons-lang3-3.9.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/apache/commons/commons-lang3/3.9/commons-lang3-3.9.jar
MD5: fa752c3cb5474b05e14bf2ed7e242020
SHA1: 0122c7cee69b53ed4a7681c03d4ee4c0e2765da5
SHA256: de2e1dcdcf3ef917a8ce858661a06726a9a944f28e33ad7f9e08bea44dc3c230
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-groupid org.apache.commons Medium Vendor pom artifactid commons-lang3 Low Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid org.apache.commons Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor pom groupid apache.commons Highest Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor jar package name apache Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor pom name Apache Commons Lang High Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest specification-title Apache Commons Lang Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest Bundle-Name Apache Commons Lang Medium Product pom parent-groupid org.apache.commons Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name commons Highest Product jar package name lang3 Highest Product pom parent-artifactid commons-parent Medium Product pom artifactid commons-lang3 Highest Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product pom groupid apache.commons Highest Product file name commons-lang3 High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product jar package name apache Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom name Apache Commons Lang High Version Manifest Implementation-Version 3.9 High Version pom version 3.9 Highest Version pom parent-version 3.9 Low Version file version 3.9 High
commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor jar package name logging Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor jar package name commons Highest Vendor pom artifactid commons-logging Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache Commons Logging High Vendor file name commons-logging High Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor pom groupid commons-logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product jar package name logging Highest Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product jar package name commons Highest Product pom artifactid commons-logging Highest Product Manifest Bundle-Name Apache Commons Logging Medium Product pom parent-artifactid commons-parent Medium Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product jar package name apache Highest Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product pom name Apache Commons Logging High Product file name commons-logging High Product pom groupid commons-logging Highest Version pom version 1.2 Highest Version file version 1.2 High Version pom parent-version 1.2 Low Version Manifest Implementation-Version 1.2 High
entando-k8s-custom-model-6.3.4.jarDescription:
Entando's Kubernetes Custom Resources License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-custom-model/6.3.4/entando-k8s-custom-model-6.3.4.jar
MD5: c744809d5012ba2e91767c76349709bd
SHA1: d40dc798900cb12eb1275bca1ce755a59a3aa09d
SHA256: d77e0ec0f4eb5707ebf3668bee92afeefed142b80506ba90f59e566a55002c94
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build 6.3.4 Low Vendor pom organization name Entando Inc. High Vendor Manifest build-jdk-spec 11 Low Vendor file name entando-k8s-custom-model High Vendor jar package name kubernetes Highest Vendor jar package name entando Highest Vendor Manifest Implementation-Vendor Entando Inc. High Vendor jar package name model Highest Vendor pom url https://central.entando.com Highest Vendor pom groupid org.entando Highest Vendor pom artifactid entando-k8s-custom-model Low Vendor pom organization url http://www.entando.com/ Medium Vendor pom groupid entando Highest Vendor pom parent-groupid org.entando Medium Vendor pom parent-artifactid entando-quarkus-parent Low Vendor pom name Entando Kubernetes Custom Model High Product Manifest implementation-build 6.3.4 Low Product Manifest Implementation-Title Entando Kubernetes Custom Model High Product Manifest build-jdk-spec 11 Low Product file name entando-k8s-custom-model High Product jar package name kubernetes Highest Product jar package name entando Highest Product jar package name model Highest Product pom organization url http://www.entando.com/ Low Product pom parent-artifactid entando-quarkus-parent Medium Product pom organization name Entando Inc. Low Product pom artifactid entando-k8s-custom-model Highest Product pom groupid entando Highest Product pom parent-groupid org.entando Medium Product pom name Entando Kubernetes Custom Model High Product pom url https://central.entando.com Medium Version file version 6.3.4 High Version Manifest implementation-build 6.3.4 Low Version pom parent-version 6.3.4 Low Version pom version 6.3.4 Highest Version Manifest Implementation-Version 6.3.4 High
entando-k8s-operator-common-6.3.19.jarDescription:
Entando's K8S Operator Common Library License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-operator-common/6.3.19/entando-k8s-operator-common-6.3.19.jar
MD5: e8592808bb86ef83a2a45506b3e8dd77
SHA1: a4efc39a030c0ae399b52124a200afdecd279471
SHA256: 7e459b109b5bb6a74d4e39ffbd4a68d9f00f68d8a01e8345d324ed0d5e083931
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid entando-k8s-operator-common Low Vendor pom organization name Entando Inc. High Vendor Manifest build-jdk-spec 11 Low Vendor jar package name entando Highest Vendor Manifest Implementation-Vendor Entando Inc. High Vendor pom url https://central.entando.com Highest Vendor file name entando-k8s-operator-common High Vendor Manifest implementation-build 6.3.19 Low Vendor pom groupid org.entando Highest Vendor pom organization url http://www.entando.com/ Medium Vendor pom groupid entando Highest Vendor pom name Entando K8S Operator Common Library High Vendor pom parent-groupid org.entando Medium Vendor pom parent-artifactid entando-quarkus-parent Low Product Manifest build-jdk-spec 11 Low Product jar package name entando Highest Product pom artifactid entando-k8s-operator-common Highest Product Manifest Implementation-Title Entando K8S Operator Common Library High Product pom organization url http://www.entando.com/ Low Product file name entando-k8s-operator-common High Product Manifest implementation-build 6.3.19 Low Product pom parent-artifactid entando-quarkus-parent Medium Product pom organization name Entando Inc. Low Product pom groupid entando Highest Product pom name Entando K8S Operator Common Library High Product pom parent-groupid org.entando Medium Product pom url https://central.entando.com Medium Version file version 6.3.19 High Version Manifest Implementation-Version 6.3.19 High Version Manifest implementation-build 6.3.19 Low Version pom parent-version 6.3.19 Low Version pom version 6.3.19 Highest
failureaccess-1.0.1.jarDescription:
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes is conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256: a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name google Highest Vendor pom parent-artifactid guava-parent Low Vendor jar package name common Highest Vendor file name failureaccess High Vendor pom groupid google.guava Highest Vendor Manifest bundle-symbolicname com.google.guava.failureaccess Medium Vendor pom name Guava InternalFutureFailureAccess and InternalFutures High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid failureaccess Low Vendor jar package name concurrent Highest Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor jar package name util Highest Vendor pom groupid com.google.guava Highest Vendor pom parent-groupid com.google.guava Medium Product jar package name google Highest Product jar package name common Highest Product Manifest Bundle-Name Guava InternalFutureFailureAccess and InternalFutures Medium Product pom artifactid failureaccess Highest Product file name failureaccess High Product pom groupid google.guava Highest Product Manifest bundle-symbolicname com.google.guava.failureaccess Medium Product pom parent-artifactid guava-parent Medium Product pom name Guava InternalFutureFailureAccess and InternalFutures High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name concurrent Highest Product Manifest bundle-docurl https://github.com/google/guava/ Low Product jar package name util Highest Product pom parent-groupid com.google.guava Medium Version file version 1.0.1 High Version Manifest Bundle-Version 1.0.1 High Version pom version 1.0.1 Highest Version pom parent-version 1.0.1 Low
generex-1.0.2.jarDescription:
Generex A Java Library for regex to Strings generation License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/github/mifmif/generex/1.0.2/generex-1.0.2.jar
MD5: a832db42f9e1c4f76930f547f6f80998
SHA1: b378f873b4e8d7616c3d920e2132cb1c87679600
SHA256: 8f8ce233c335e08e113a3f9579de1046fb19927e82468b1bbebcd6cba8760b81
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url https://github.com/mifmif/Generex/tree/master Low Vendor jar package name generex Highest Vendor pom artifactid generex Low Vendor pom groupid com.github.mifmif Highest Vendor pom groupid github.mifmif Highest Vendor pom name Generex High Vendor pom url mifmif/Generex/tree/master Highest Vendor jar package name mifmif Highest Vendor file name generex High Vendor Manifest Implementation-Vendor-Id com.github.mifmif Medium Vendor jar package name regex Highest Product Manifest implementation-url https://github.com/mifmif/Generex/tree/master Low Product jar package name generex Highest Product pom url mifmif/Generex/tree/master High Product pom artifactid generex Highest Product pom groupid github.mifmif Highest Product pom name Generex High Product jar package name mifmif Highest Product file name generex High Product Manifest Implementation-Title Generex High Product Manifest specification-title Generex Medium Product jar package name regex Highest Version file version 1.0.2 High Version Manifest Implementation-Version 1.0.2 High Version pom version 1.0.2 Highest
graal-sdk-19.2.1.jarDescription:
GraalVM is an ecosystem for compiling and running applications written in multiple languages.
GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime. License:
Universal Permissive License, Version 1.0: http://opensource.org/licenses/UPL File Path: /home/jenkins/.mvnrepository/org/graalvm/sdk/graal-sdk/19.2.1/graal-sdk-19.2.1.jar
MD5: 50bb82446477beea11bc03ae9107dcdb
SHA1: 50c9bf57f1a06d266c5ad7f36d9a17a870daa353
SHA256: b1d3b795be09ade065534e80c59a360d73da488e8183bbac97851e6c23b00100
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid graal-sdk Low Vendor pom name Graal Sdk High Vendor file name graal-sdk High Vendor pom groupid graalvm.sdk Highest Vendor jar package name graalvm Highest Vendor pom url oracle/graal Highest Vendor pom groupid org.graalvm.sdk Highest Vendor jar package name graalvm Low Product pom artifactid graal-sdk Highest Product pom name Graal Sdk High Product file name graal-sdk High Product pom groupid graalvm.sdk Highest Product jar package name graalvm Highest Product pom url oracle/graal High Version pom version 19.2.1 Highest Version file version 19.2.1 High
guava-30.1-jre.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, Google's collections, I/O classes, and
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
MD5: 2f8966f27f06101a08083bfa9f9277e7
SHA1: 00d0c3ce2311c9e36e73228da25a6e99b2ab826f
SHA256: e6dd072f9d3fe02a4600688380bd422bdac184caf6fe2418cfdd0934f09432aa
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name google Highest Vendor pom parent-artifactid guava-parent Low Vendor jar package name common Highest Vendor file name guava High Vendor pom groupid google.guava Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name Guava: Google Core Libraries for Java High Vendor pom artifactid guava Low Vendor Manifest automatic-module-name com.google.common Medium Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor pom groupid com.google.guava Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Product jar package name google Highest Product jar package name common Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom artifactid guava Highest Product file name guava High Product pom groupid google.guava Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid guava-parent Medium Product pom name Guava: Google Core Libraries for Java High Product Manifest automatic-module-name com.google.common Medium Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Version pom version 30.1-jre Highest
hamcrest-core-1.3.jarDescription:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /home/jenkins/.mvnrepository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name hamcrest Highest Vendor file name hamcrest-core High Vendor pom groupid hamcrest Highest Vendor pom parent-artifactid hamcrest-parent Low Vendor Manifest Implementation-Vendor hamcrest.org High Vendor jar package name core Highest Vendor pom groupid org.hamcrest Highest Vendor jar package name matcher Highest Vendor pom artifactid hamcrest-core Low Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor pom parent-groupid org.hamcrest Medium Vendor pom name Hamcrest Core High Product jar package name core Highest Product jar package name hamcrest Highest Product jar package name matcher Highest Product file name hamcrest-core High Product pom parent-artifactid hamcrest-parent Medium Product Manifest Implementation-Title hamcrest-core High Product Manifest built-date 2012-07-09 19:49:34 Low Product pom artifactid hamcrest-core Highest Product pom parent-groupid org.hamcrest Medium Product pom groupid hamcrest Highest Product pom name Hamcrest Core High Version pom version 1.3 Highest Version file version 1.3 High Version Manifest Implementation-Version 1.3 High
httpclient-4.5.13.jarDescription:
Apache HttpComponents Client
File Path: /home/jenkins/.mvnrepository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jarMD5: 40d6b9075fbd28fa10292a45a0db9457SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cadaSHA256: 6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor file name httpclient High Vendor pom groupid org.apache.httpcomponents Highest Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor pom name Apache HttpClient High Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor pom groupid apache.httpcomponents Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid httpclient Low Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid httpcomponents-client Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product pom parent-groupid org.apache.httpcomponents Medium Product pom parent-artifactid httpcomponents-client Medium Product file name httpclient High Product pom name Apache HttpClient High Product jar package name client Highest Product jar package name httpclient Highest Product pom url http://hc.apache.org/httpcomponents-client Medium Product pom groupid apache.httpcomponents Highest Product Manifest Implementation-Title Apache HttpClient High Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest specification-title Apache HttpClient Medium Product jar package name apache Highest Product jar package name http Highest Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product pom artifactid httpclient Highest Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
httpcore-4.4.13.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /home/jenkins/.mvnrepository/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jarMD5: e07a248f61c52776a2366c075dcd4963SHA1: 853b96d3afbb7bf8cc303fe27ee96836a10c1834SHA256: e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom groupid org.apache.httpcomponents Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor file name httpcore High Vendor pom parent-artifactid httpcomponents-core Low Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Vendor pom groupid apache.httpcomponents Highest Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor pom artifactid httpcore Low Vendor pom name Apache HttpCore High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product pom parent-groupid org.apache.httpcomponents Medium Product pom artifactid httpcore Highest Product pom parent-artifactid httpcomponents-core Medium Product file name httpcore High Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Product pom groupid apache.httpcomponents Highest Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product pom name Apache HttpCore High Product jar package name apache Highest Product jar package name http Highest Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Version Manifest Implementation-Version 4.4.13 High Version pom version 4.4.13 Highest Version file version 4.4.13 High
istack-commons-runtime-3.0.10.jarDescription:
istack common utility code License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.mvnrepository/com/sun/istack/istack-commons-runtime/3.0.10/istack-commons-runtime-3.0.10.jar
MD5: 05660669c45f5bb65cece45bf01d92bc
SHA1: be8418d9a1c91d8569045e82e8ad73cadbaa1f0d
SHA256: 85239e7fff2463b7d8a9c3962f78ee3e2c6db9455c724f29281e2c5f663e22be
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name sun Highest Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor pom name istack common utility code runtime High Vendor Manifest implementation-build-id 3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000 Low Vendor file name istack-commons-runtime High Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-artifactid istack-commons Low Vendor jar package name istack Highest Vendor Manifest multi-release true Low Vendor jar package name com Highest Vendor jar (hint) package name oracle Highest Vendor pom groupid com.sun.istack Highest Vendor pom artifactid istack-commons-runtime Low Vendor pom parent-groupid com.sun.istack Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom groupid sun.istack Highest Product jar package name sun Highest Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product pom artifactid istack-commons-runtime Highest Product pom name istack common utility code runtime High Product Manifest implementation-build-id 3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000 Low Product file name istack-commons-runtime High Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name istack Highest Product Manifest multi-release true Low Product pom parent-artifactid istack-commons Medium Product jar package name com Highest Product pom parent-groupid com.sun.istack Medium Product Manifest Bundle-Name istack common utility code runtime Medium Product pom groupid sun.istack Highest Version pom version 3.0.10 Highest Version Manifest Bundle-Version 3.0.10 High Version file version 3.0.10 High Version Manifest implementation-build-id 3.0.10 Low
jackson-annotations-2.12.0.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-annotations/2.12.0/jackson-annotations-2.12.0.jar
MD5: 50c38b5f97ef7804e13a754e30d0287b
SHA1: a27bf93ec3eb19801226514f5d038c6deaf46001
SHA256: c28fbe62e7be1e29df75953fa8a887ff875d4482291fbfddb1aec5c91191ecda
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid fasterxml.jackson.core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name Jackson-annotations High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom artifactid jackson-annotations Low Vendor pom parent-artifactid jackson-parent Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest implementation-build-date 2020-11-29 00:36:26+0000 Low Vendor jar package name jackson Highest Vendor pom url http://github.com/FasterXML/jackson Highest Vendor file name jackson-annotations High Product pom groupid fasterxml.jackson.core Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name Jackson-annotations High Product pom url http://github.com/FasterXML/jackson Medium Product pom artifactid jackson-annotations Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest Bundle-Name Jackson-annotations Medium Product pom parent-artifactid jackson-parent Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product jar package name fasterxml Highest Product Manifest specification-title Jackson-annotations Medium Product Manifest implementation-build-date 2020-11-29 00:36:26+0000 Low Product jar package name jackson Highest Product Manifest Implementation-Title Jackson-annotations High Product file name jackson-annotations High Version pom parent-version 2.12.0 Low Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-core-2.12.0.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar
MD5: 3b84a0bc3fa2662bdd68d0296e99b619
SHA1: afe52c6947d9939170da7989612cef544115511a
SHA256: 8acab5ef6e4f332bbb331b3fcd24d716598770d13a47e7215aa5ee625d1fd9c9
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid jackson-core Low Vendor Manifest implementation-build-date 2020-11-29 00:56:07+0000 Low Vendor Manifest specification-vendor FasterXML Low Vendor pom url FasterXML/jackson-core Highest Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom parent-artifactid jackson-base Low Vendor jar package name core Highest Vendor jar package name base Highest Vendor jar package name json Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor file name jackson-core High Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name jackson Highest Product pom groupid fasterxml.jackson.core Highest Product pom name Jackson-core High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-artifactid jackson-base Medium Product Manifest implementation-build-date 2020-11-29 00:56:07+0000 Low Product Manifest Implementation-Title Jackson-core High Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest build-jdk-spec 1.8 Low Product jar package name version Highest Product pom artifactid jackson-core Highest Product jar package name core Highest Product jar package name json Highest Product jar package name base Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest specification-title Jackson-core Medium Product pom parent-groupid com.fasterxml.jackson Medium Product file name jackson-core High Product jar package name fasterxml Highest Product jar package name filter Highest Product pom url FasterXML/jackson-core High Product jar package name jackson Highest Product Manifest Bundle-Name Jackson-core Medium Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-coreutils-1.6.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/com/github/fge/jackson-coreutils/1.6/jackson-coreutils-1.6.jar
MD5: 26a6b351813e2895cba18e0ee4abe5b7
SHA1: 9e6af56eb7cc2a65700b289abc7ee2bd170fd231
SHA256: d84b416924fb061a26c48a5c90e98cf4d4e718179eb1df702aa8f1021163eed6
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name fge Highest Vendor pom name null High Vendor jar package name github Highest Vendor pom groupid com.github.fge Highest Vendor pom artifactid jackson-coreutils Low Vendor pom url fge/jackson-coreutils Highest Vendor Manifest bundle-symbolicname com.github.fge.jackson-coreutils Medium Vendor file name jackson-coreutils High Vendor jar package name jackson Highest Vendor pom groupid github.fge Highest Product Manifest Bundle-Name jackson-coreutils Medium Product jar package name fge Highest Product pom name null High Product jar package name github Highest Product pom url fge/jackson-coreutils High Product pom artifactid jackson-coreutils Highest Product Manifest bundle-symbolicname com.github.fge.jackson-coreutils Medium Product file name jackson-coreutils High Product jar package name jackson Highest Product pom groupid github.fge Highest Version file version 1.6 High Version pom version 1.6 Highest Version Manifest Bundle-Version 1.6 High
jackson-databind-2.12.0.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar
MD5: 577d6c6a6154dd324b1058fc7791830c
SHA1: ea6945874602654e5b265a570547ceb3423168be
SHA256: 75d470eda0dd559e43f2ad08209fa09ecd268833492ba93fa46f6f3607acbab7
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid fasterxml.jackson.core Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest specification-vendor FasterXML Low Vendor file name jackson-databind High Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom parent-artifactid jackson-base Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom artifactid jackson-databind Low Vendor jar package name databind Highest Vendor pom name jackson-databind High Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest implementation-build-date 2020-11-29 01:16:17+0000 Low Vendor jar package name jackson Highest Vendor pom url http://github.com/FasterXML/jackson Highest Product pom artifactid jackson-databind Highest Product pom groupid fasterxml.jackson.core Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product pom parent-artifactid jackson-base Medium Product Manifest Implementation-Title jackson-databind High Product Manifest specification-title jackson-databind Medium Product file name jackson-databind High Product pom url http://github.com/FasterXML/jackson Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-groupid com.fasterxml.jackson Medium Product jar package name databind Highest Product pom name jackson-databind High Product jar package name fasterxml Highest Product Manifest Bundle-Name jackson-databind Medium Product Manifest implementation-build-date 2020-11-29 01:16:17+0000 Low Product jar package name jackson Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-dataformat-yaml-2.12.0.jarDescription:
Support for reading and writing YAML-encoded data via Jackson abstractions.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.12.0/jackson-dataformat-yaml-2.12.0.jar
MD5: f59a38149e56494c78f3c54641fc7fba
SHA1: 81abad4675f31e55b0c5144c8fe72e9a55a18809
SHA256: b7b3b50d3de97b2836a3e97a45adf2e67ed630720ad415bfbbd6a830a6013a55
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Vendor jar package name yaml Highest Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Vendor file name jackson-dataformat-yaml High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest implementation-build-date 2020-11-29 02:59:31+0000 Low Vendor pom parent-groupid com.fasterxml.jackson.dataformat Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom url FasterXML/jackson-dataformats-text Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid fasterxml.jackson.dataformat Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom name Jackson-dataformat-YAML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor pom artifactid jackson-dataformat-yaml Low Vendor pom parent-artifactid jackson-dataformats-text Low Vendor jar package name jackson Highest Vendor jar package name dataformat Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformats-text Low Product jar package name yaml Highest Product Manifest Bundle-Name Jackson-dataformat-YAML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-yaml Medium Product Manifest specification-title Jackson-dataformat-YAML Medium Product file name jackson-dataformat-yaml High Product Manifest implementation-build-date 2020-11-29 02:59:31+0000 Low Product pom parent-groupid com.fasterxml.jackson.dataformat Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Jackson-dataformat-YAML High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid jackson-dataformats-text Medium Product pom groupid fasterxml.jackson.dataformat Highest Product jar package name fasterxml Highest Product pom name Jackson-dataformat-YAML High Product pom url FasterXML/jackson-dataformats-text High Product pom artifactid jackson-dataformat-yaml Highest Product jar package name jackson Highest Product jar package name dataformat Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-datatype-jdk8-2.12.0.jarDescription:
Add-on module for Jackson (http://jackson.codehaus.org) to support
JDK 8 data types.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.12.0/jackson-datatype-jdk8-2.12.0.jar
MD5: 62ba3e075c99281089a467014a3b880a
SHA1: 9d8a9a6dc82d4c6ff2ffac5ae2de8c2d796779ca
SHA256: 85415e0b6ab116dcc7b394abe50a315997e514d3e2f9c17a15be41db1b503816
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jackson-modules-java8 Low Vendor Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jdk8 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor jar package name jdk8 Highest Vendor pom artifactid jackson-datatype-jdk8 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8 Low Vendor jar package name datatype Highest Vendor pom groupid fasterxml.jackson.datatype Highest Vendor pom name Jackson datatype: jdk8 High Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor file name jackson-datatype-jdk8 High Vendor jar package name jackson Highest Product Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Product Manifest Implementation-Title Jackson datatype: jdk8 High Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jdk8 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid jackson-modules-java8 Medium Product jar package name jdk8 Highest Product pom artifactid jackson-datatype-jdk8 Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8 Low Product Manifest Bundle-Name Jackson datatype: jdk8 Medium Product jar package name datatype Highest Product pom groupid fasterxml.jackson.datatype Highest Product pom name Jackson datatype: jdk8 High Product jar package name fasterxml Highest Product pom parent-groupid com.fasterxml.jackson.module Medium Product Manifest specification-title Jackson datatype: jdk8 Medium Product file name jackson-datatype-jdk8 High Product jar package name jackson Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-datatype-jsr310-2.12.0.jarDescription:
Add-on module to support JSR-310 (Java 8 Date & Time API) data types. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.12.0/jackson-datatype-jsr310-2.12.0.jar
MD5: c78d5e5114aee271f75289d8e85f9811
SHA1: d4f8bbe668a1a4e649fe0706253bad6f3a44e005
SHA256: 0e9b40b7b59a750437ca7272bf0070fb4e3430647454202ef6bc10c0406de185
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jackson-modules-java8 Low Vendor Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor jar package name jsr310 Highest Vendor file name jackson-datatype-jsr310 High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Vendor pom name Jackson datatype: JSR310 High Vendor jar package name datatype Highest Vendor pom groupid fasterxml.jackson.datatype Highest Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Vendor pom artifactid jackson-datatype-jsr310 Low Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor jar package name jackson Highest Product pom artifactid jackson-datatype-jsr310 Highest Product Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Product jar package name jsr310 Highest Product Manifest Implementation-Title Jackson datatype: JSR310 High Product file name jackson-datatype-jsr310 High Product Manifest specification-title Jackson datatype: JSR310 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid jackson-modules-java8 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Product pom name Jackson datatype: JSR310 High Product jar package name datatype Highest Product pom groupid fasterxml.jackson.datatype Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Product jar package name fasterxml Highest Product Manifest Bundle-Name Jackson datatype: JSR310 Medium Product pom parent-groupid com.fasterxml.jackson.module Medium Product jar package name jackson Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-jaxrs-base-2.12.0.jarDescription:
Pile of code that is shared by all Jackson-based JAX-RS
providers.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.12.0/jackson-jaxrs-base-2.12.0.jar
MD5: ee48bbd1440193b2f9c99e529fa1dd1d
SHA1: 948eca90387a2a1817224c060567cdfa32addea5
SHA256: 9f524c13234447cf4ccb2708dfb8337fb6bacb918307047ca7aa9f226d6e8e5f
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-base High Vendor pom groupid fasterxml.jackson.jaxrs Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson.jaxrs Medium Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor Manifest implementation-build-date 2020-11-29 03:31:30+0000 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest multi-release true Low Vendor pom artifactid jackson-jaxrs-base Low Vendor jar package name jaxrs Highest Vendor jar package name base Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom parent-artifactid jackson-jaxrs-providers Low Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor jar package name jackson Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Vendor pom name Jackson-JAXRS-base High Product file name jackson-jaxrs-base High Product pom artifactid jackson-jaxrs-base Highest Product Manifest specification-title Jackson-JAXRS-base Medium Product jar package name 11 Highest Product pom groupid fasterxml.jackson.jaxrs Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Product Manifest Bundle-Name Jackson-JAXRS-base Medium Product Manifest Implementation-Title Jackson-JAXRS-base High Product pom parent-groupid com.fasterxml.jackson.jaxrs Medium Product pom parent-artifactid jackson-jaxrs-providers Medium Product Manifest implementation-build-date 2020-11-29 03:31:30+0000 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest multi-release true Low Product jar package name jaxrs Highest Product jar package name base Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Product pom name Jackson-JAXRS-base High Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-jaxrs-json-provider-2.12.0.jarDescription:
Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0/jackson-jaxrs-json-provider-2.12.0.jar
MD5: acb353422ac6cb1aa387c07c387ed810
SHA1: 5d0bbbb238b2fa0b7797c9528942fc1b58b281e0
SHA256: 7bcf0f909304403ff08f2373a0a1ebe0a80d4db5d0e702ed388074a3887d23e1
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Vendor pom groupid fasterxml.jackson.jaxrs Highest Vendor Manifest specification-vendor FasterXML Low Vendor file name jackson-jaxrs-json-provider High Vendor pom parent-groupid com.fasterxml.jackson.jaxrs Medium Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor Manifest implementation-build-date 2020-11-29 03:31:30+0000 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor pom name Jackson-JAXRS-JSON High Vendor Manifest multi-release true Low Vendor jar package name jaxrs Highest Vendor jar package name json Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom parent-artifactid jackson-jaxrs-providers Low Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom artifactid jackson-jaxrs-json-provider Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor jar package name jackson Highest Product jar package name 11 Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Product pom groupid fasterxml.jackson.jaxrs Highest Product file name jackson-jaxrs-json-provider High Product pom parent-groupid com.fasterxml.jackson.jaxrs Medium Product pom parent-artifactid jackson-jaxrs-providers Medium Product Manifest implementation-build-date 2020-11-29 03:31:30+0000 Low Product Manifest build-jdk-spec 1.8 Low Product pom name Jackson-JAXRS-JSON High Product Manifest multi-release true Low Product jar package name jaxrs Highest Product jar package name json Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Bundle-Name Jackson-JAXRS-JSON Medium Product jar package name fasterxml Highest Product Manifest specification-title Jackson-JAXRS-JSON Medium Product Manifest Implementation-Title Jackson-JAXRS-JSON High Product jar package name jackson Highest Product pom artifactid jackson-jaxrs-json-provider Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-module-jaxb-annotations-2.12.0.jarDescription:
Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring
data-binding.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.12.0/jackson-module-jaxb-annotations-2.12.0.jar
MD5: 4426b65bf95ebddd205f7d2665b76256
SHA1: 0b660a3fde161ad68c996725951e2cec9cf04667
SHA256: e1d9dd87cc79811cd0d95e264e186b41c07a9d1c9ae1c572f313d520b98ef431
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid fasterxml.jackson.module Highest Vendor file name jackson-module-jaxb-annotations High Vendor Manifest specification-vendor FasterXML Low Vendor pom url FasterXML/jackson-modules-base Highest Vendor pom groupid com.fasterxml.jackson.module Highest Vendor pom name Jackson module: JAXB Annotations High Vendor Manifest build-jdk-spec 1.8 Low Vendor pom parent-artifactid jackson-modules-base Low Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name module Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name jaxb Highest Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Vendor Manifest implementation-build-date 2020-11-29 01:30:09+0000 Low Vendor jar package name jackson Highest Product pom groupid fasterxml.jackson.module Highest Product jar package name 11 Highest Product pom parent-artifactid jackson-modules-base Medium Product file name jackson-module-jaxb-annotations High Product Manifest Bundle-Name Jackson module: JAXB Annotations Medium Product pom name Jackson module: JAXB Annotations High Product Manifest build-jdk-spec 1.8 Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name module Highest Product jar package name fasterxml Highest Product jar package name jaxb Highest Product Manifest Implementation-Title Jackson module: JAXB Annotations High Product pom parent-groupid com.fasterxml.jackson.module Medium Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Product pom artifactid jackson-module-jaxb-annotations Highest Product pom url FasterXML/jackson-modules-base High Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product Manifest specification-title Jackson module: JAXB Annotations Medium Product Manifest implementation-build-date 2020-11-29 01:30:09+0000 Low Product jar package name jackson Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jackson-module-parameter-names-2.12.0.jarDescription:
Add-on module for Jackson (http://jackson.codehaus.org) to support
introspection of method/constructor parameter names, without having to add explicit property name annotation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.12.0/jackson-module-parameter-names-2.12.0.jar
MD5: 0de9b6558503ef0e058598d536d32750
SHA1: 74c03facb49f7ccd0d5e0b5058f84ca66048ad5c
SHA256: 345379d4d98f9907fc634290e43532ef4121f6b6fdea428aefd2118ba0182894
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid fasterxml.jackson.module Highest Vendor pom artifactid jackson-module-parameter-names Low Vendor pom parent-artifactid jackson-modules-java8 Low Vendor pom name Jackson-module-parameter-names High Vendor Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid com.fasterxml.jackson.module Highest Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-parameter-names Medium Vendor file name jackson-module-parameter-names High Vendor jar package name module Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom parent-groupid com.fasterxml.jackson.module Medium Vendor jar package name jackson Highest Product pom groupid fasterxml.jackson.module Highest Product pom name Jackson-module-parameter-names High Product Manifest implementation-build-date 2020-11-29 01:33:30+0000 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid jackson-modules-java8 Medium Product Manifest Implementation-Title Jackson-module-parameter-names High Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-parameter-names Medium Product Manifest specification-title Jackson-module-parameter-names Medium Product file name jackson-module-parameter-names High Product jar package name module Highest Product jar package name fasterxml Highest Product pom parent-groupid com.fasterxml.jackson.module Medium Product Manifest Bundle-Name Jackson-module-parameter-names Medium Product pom artifactid jackson-module-parameter-names Highest Product jar package name jackson Highest Version pom version 2.12.0 Highest Version Manifest Bundle-Version 2.12.0 High Version file version 2.12.0 High Version Manifest Implementation-Version 2.12.0 High
jakarta.activation-1.2.1.jarDescription:
JavaBeans Activation Framework License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.mvnrepository/com/sun/activation/jakarta.activation/1.2.1/jakarta.activation-1.2.1.jar
MD5: dc519b1f09bbaf9274ea5da358a00110
SHA1: 8013606426a73d8ba6b568370877251e91a38b89
SHA256: d84d4ba8b55cdb7fdcbb885e6939386367433f56f5ab8cfdc302a7c3587fa92b
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name sun Highest Vendor pom groupid sun.activation Highest Vendor pom groupid com.sun.activation Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor pom parent-artifactid all Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor pom artifactid jakarta.activation Low Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom name JavaBeans Activation Framework High Vendor Manifest automatic-module-name jakarta.activation Medium Vendor Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Vendor jar (hint) package name oracle Highest Vendor file name jakarta.activation High Vendor jar package name activation Highest Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom parent-groupid com.sun.activation Medium Product jar package name sun Highest Product pom groupid sun.activation Highest Product pom artifactid jakarta.activation Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JavaBeans Activation Framework Medium Product Manifest extension-name jakarta.activation Medium Product pom name JavaBeans Activation Framework High Product Manifest Implementation-Title javax.activation High Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product Manifest automatic-module-name jakarta.activation Medium Product Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Product jar package name javax Highest Product file name jakarta.activation High Product jar package name activation Highest Product pom parent-groupid com.sun.activation Medium Product pom parent-artifactid all Medium Version pom version 1.2.1 Highest Version Manifest Bundle-Version 1.2.1 High Version file version 1.2.1 High Version Manifest Implementation-Version 1.2.1 High
jakarta.activation-api-1.2.1.jarDescription:
JavaBeans Activation Framework API jar License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.mvnrepository/jakarta/activation/jakarta.activation-api/1.2.1/jakarta.activation-api-1.2.1.jar
MD5: 9b647398add993324d3d9e5effa6005a
SHA1: 562a587face36ec7eff2db7f2fc95425c6602bc1
SHA256: 8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor pom parent-artifactid all Low Vendor file name jakarta.activation-api High Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor pom name JavaBeans Activation Framework API jar High Vendor Manifest automatic-module-name jakarta.activation Medium Vendor pom artifactid jakarta.activation-api Low Vendor pom groupid jakarta.activation Highest Vendor jar package name activation Highest Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom parent-groupid com.sun.activation Medium Product file name jakarta.activation-api High Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest extension-name jakarta.activation Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product pom name JavaBeans Activation Framework API jar High Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest automatic-module-name jakarta.activation Medium Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product jar package name activation Highest Product pom groupid jakarta.activation Highest Product pom parent-groupid com.sun.activation Medium Product pom artifactid jakarta.activation-api Highest Product pom parent-artifactid all Medium Version pom version 1.2.1 Highest Version Manifest Bundle-Version 1.2.1 High Version file version 1.2.1 High Version Manifest Implementation-Version 1.2.1 High
jakarta.annotation-api-1.3.5.jarDescription:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/jenkins/.mvnrepository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom name Jakarta Annotations API High Vendor pom groupid jakarta.annotation Highest Vendor pom parent-artifactid ca-parent Low Vendor jar package name annotation Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor file name jakarta.annotation-api High Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom artifactid jakarta.annotation-api Low Product pom name Jakarta Annotations API High Product pom groupid jakarta.annotation Highest Product jar package name annotation Highest Product pom parent-artifactid ca-parent Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest automatic-module-name java.annotation Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Product file name jakarta.annotation-api High Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest Bundle-Name Jakarta Annotations API Medium Product pom artifactid jakarta.annotation-api Highest Product Manifest extension-name jakarta.annotation Medium Version Manifest Implementation-Version 1.3.5 High Version Manifest Bundle-Version 1.3.5 High Version pom version 1.3.5 Highest Version file version 1.3.5 High
jakarta.el-api-3.0.3.jarDescription:
Jakarta Expression Language defines an expression language for Java applications
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/jenkins/.mvnrepository/jakarta/el/jakarta.el-api/3.0.3/jakarta.el-api-3.0.3.jar
MD5: 528ed6138395d22fb54912b2b889e88e
SHA1: f311ab94bb1d4380690a53d737226a6b879dd4f1
SHA256: 47ae0a91fb6dd32fdaa5d9bda63df043ac8148e00c297ccce8ab9c56b95cf261
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jakarta.el Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest extension-name javax.el Medium Vendor pom artifactid jakarta.el-api Low Vendor Manifest bundle-symbolicname javax.el-api Medium Vendor jar package name expression Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.el Highest Vendor jar package name javax Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom name Jakarta Expression Language 3.0 API High Vendor jar package name el Highest Vendor pom parent-artifactid project Low Vendor file name jakarta.el-api High Product pom parent-artifactid project Medium Product pom url https://projects.eclipse.org/projects/ee4j.el Medium Product pom artifactid jakarta.el-api Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest extension-name javax.el Medium Product pom groupid jakarta.el Highest Product jar package name expression Highest Product Manifest bundle-symbolicname javax.el-api Medium Product pom parent-groupid org.eclipse.ee4j Medium Product jar package name javax Highest Product Manifest Bundle-Name Jakarta Expression Language 3.0 API Medium Product pom name Jakarta Expression Language 3.0 API High Product jar package name el Highest Product file name jakarta.el-api High Version Manifest Implementation-Version 3.0.3 High Version pom parent-version 3.0.3 Low Version file version 3.0.3 High Version Manifest Bundle-Version 3.0.3 High Version pom version 3.0.3 Highest
jakarta.enterprise.cdi-api-2.0.2.jarDescription:
APIs for Jakarta CDI (Contexts and Dependency Injection) License:
Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt File Path: /home/jenkins/.mvnrepository/jakarta/enterprise/jakarta.enterprise.cdi-api/2.0.2/jakarta.enterprise.cdi-api-2.0.2.jar
MD5: ff8956b6aa6e32e6f9064597d9c9f1bd
SHA1: 58f497f362cd19c2f8842d75c491d270f0600e7f
SHA256: e71bbe0e4cacfce5b7d609021344d883531aa3e19321db17390f849fdb04a509
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name jakarta.enterprise.cdi-api High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl https://jakarta.ee Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom organization url https://jakarta.ee Medium Vendor pom url http://cdi-spec.org Highest Vendor pom groupid jakarta.enterprise Highest Vendor jar package name enterprise Highest Vendor pom artifactid jakarta.enterprise.cdi-api Low Vendor Manifest bundle-symbolicname jakarta.enterprise.cdi-api Medium Vendor pom parent-artifactid project Low Vendor pom organization name Eclipse Foundation High Vendor pom name Jakarta CDI High Product Manifest Bundle-Name Jakarta CDI Medium Product pom parent-artifactid project Medium Product pom artifactid jakarta.enterprise.cdi-api Highest Product file name jakarta.enterprise.cdi-api High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl https://jakarta.ee Low Product pom url http://cdi-spec.org Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom groupid jakarta.enterprise Highest Product pom organization name Eclipse Foundation Low Product pom organization url https://jakarta.ee Low Product jar package name enterprise Highest Product Manifest bundle-symbolicname jakarta.enterprise.cdi-api Medium Product pom name Jakarta CDI High Version pom version 2.0.2 Highest Version Manifest Bundle-Version 2.0.2 High Version file version 2.0.2 High Version pom parent-version 2.0.2 Low
jakarta.inject-api-1.0.jarDescription:
Jakarta Dependency Injection License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/jakarta/inject/jakarta.inject-api/1.0/jakarta.inject-api-1.0.jar
MD5: 2e07624f1dc24ee8f6cdd69b0aa99ba9
SHA1: 93164437046e06b4876e069b8e7a321a02f10a2d
SHA256: 3655ffdcdc058816632666a8bcbcf4bfd09751c6a77dedf70619f37294abb01f
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name javax Low Vendor jar package name inject Highest Vendor pom artifactid jakarta.inject-api Low Vendor file name jakarta.inject-api High Vendor pom groupid jakarta.inject Highest Vendor jar package name inject Low Vendor pom url eclipse-ee4j/injection-api Highest Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom name Jakarta Dependency Injection High Product jar package name inject Highest Product file name jakarta.inject-api High Product pom parent-artifactid project Medium Product pom artifactid jakarta.inject-api Highest Product pom groupid jakarta.inject Highest Product jar package name inject Low Product pom url eclipse-ee4j/injection-api High Product pom parent-groupid org.eclipse.ee4j Medium Product pom name Jakarta Dependency Injection High Version file version 1.0 High Version pom parent-version 1.0 Low Version pom version 1.0 Highest
jakarta.interceptor-api-1.2.5.jarDescription:
Jakarta Interceptors defines a means of interposing on business method invocations
and specific events—such as lifecycle events and timeout events—that occur on instances
of Jakarta EE components and other managed classes.
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/jenkins/.mvnrepository/jakarta/interceptor/jakarta.interceptor-api/1.2.5/jakarta.interceptor-api-1.2.5.jar
MD5: 69ab3deaef95f1a6522e7e828694ab14
SHA1: 20cbde692c555692ca835fb6ecb4a8c95acbe6e0
SHA256: 210c4f0a5a8f387457d58afa3982b9abdd28f0a891e6289b329a6d8cf2210299
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom name Jakarta Interceptors High Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor file name jakarta.interceptor-api High Vendor pom url eclipse-ee4j/interceptor-api Highest Vendor Manifest bundle-symbolicname jakarta.interceptor-api Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom groupid jakarta.interceptor Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name interceptors Highest Vendor jar package name interceptor Highest Vendor Manifest extension-name javax.interceptor Medium Vendor jar package name javax Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.interceptor-api Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom parent-artifactid project Low Product pom parent-artifactid project Medium Product pom name Jakarta Interceptors High Product pom url eclipse-ee4j/interceptor-api High Product Manifest bundle-docurl https://www.eclipse.org Low Product file name jakarta.interceptor-api High Product Manifest bundle-symbolicname jakarta.interceptor-api Medium Product pom groupid jakarta.interceptor Highest Product pom parent-groupid org.eclipse.ee4j Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name interceptors Highest Product jar package name interceptor Highest Product Manifest extension-name javax.interceptor Medium Product jar package name javax Highest Product pom artifactid jakarta.interceptor-api Highest Product Manifest Bundle-Name Jakarta Interceptors Medium Version file version 1.2.5 High Version pom parent-version 1.2.5 Low Version Manifest Implementation-Version 1.2.5 High Version pom version 1.2.5 Highest Version Manifest Bundle-Version 1.2.5 High
jakarta.mail-1.6.5.jarDescription:
Jakarta Mail API License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.mvnrepository/com/sun/mail/jakarta.mail/1.6.5/jakarta.mail-1.6.5.jar
MD5: 214c580ee5913b9c69926cec66919f64
SHA1: d08124137cf42397d00b71b5985fd1dc248ac07f
SHA256: f4b500a1dd9ffd03ed7d8b2062fa5fd10d5beca4c42611672764bf4365751b53
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name sun Highest Vendor Manifest specification-vendor Oracle Low Vendor jar package name mail Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor pom groupid com.sun.mail Highest Vendor jar package name provider Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.mail Medium Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid jakarta.mail Low Vendor pom name Jakarta Mail API High Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest Implementation-Vendor Oracle High Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name jakarta.mail Medium Vendor Manifest extension-name jakarta.mail Medium Vendor Manifest bundle-symbolicname com.sun.mail.jakarta.mail Medium Vendor pom groupid sun.mail Highest Vendor file name jakarta.mail High Vendor Manifest (hint) Implementation-Vendor sun High Product jar package name sun Highest Product jar package name mail Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Implementation-Title javax.mail High Product jar package name provider Highest Product pom parent-groupid com.sun.mail Medium Product pom name Jakarta Mail API High Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest build-jdk-spec 1.8 Low Product jar package name version Highest Product Manifest specification-title Jakarta Mail API Design Specification Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest automatic-module-name jakarta.mail Medium Product pom artifactid jakarta.mail Highest Product Manifest extension-name jakarta.mail Medium Product jar package name javax Highest Product Manifest bundle-symbolicname com.sun.mail.jakarta.mail Medium Product pom groupid sun.mail Highest Product file name jakarta.mail High Product Manifest Bundle-Name Jakarta Mail API Medium Product pom parent-artifactid all Medium Version file version 1.6.5 High Version pom version 1.6.5 Highest Version Manifest Bundle-Version 1.6.5 High Version Manifest Implementation-Version 1.6.5 High
jakarta.transaction-api-1.3.3.jarDescription:
Jakarta Transactions License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/jenkins/.mvnrepository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256: 0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname jakarta.transaction-api Medium Vendor pom organization name EE4J Community High Vendor jar package name transaction Highest Vendor pom groupid jakarta.transaction Highest Vendor Manifest bundle-docurl https://github.com/eclipse-ee4j Low Vendor Manifest Implementation-Vendor EE4J Community High Vendor Manifest extension-name javax.transaction Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor file name jakarta.transaction-api High Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor Manifest automatic-module-name java.transaction Medium Vendor pom organization url eclipse-ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jta Highest Vendor jar package name javax Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom name ${extension.name} API High Vendor pom artifactid jakarta.transaction-api Low Vendor pom parent-artifactid project Low Product Manifest bundle-symbolicname jakarta.transaction-api Medium Product jar package name transaction Highest Product Manifest Bundle-Name javax.transaction API Medium Product pom groupid jakarta.transaction Highest Product pom parent-artifactid project Medium Product Manifest bundle-docurl https://github.com/eclipse-ee4j Low Product Manifest extension-name javax.transaction Medium Product file name jakarta.transaction-api High Product pom parent-groupid org.eclipse.ee4j Medium Product Manifest automatic-module-name java.transaction Medium Product jar package name javax Highest Product pom artifactid jakarta.transaction-api Highest Product pom name ${extension.name} API High Product pom url https://projects.eclipse.org/projects/ee4j.jta Medium Product pom url eclipse-ee4j High Product pom organization name EE4J Community Low Version pom version 1.3.3 Highest Version Manifest Bundle-Version 1.3.3 High Version Manifest Implementation-Version 1.3.3 High Version pom parent-version 1.3.3 Low Version file version 1.3.3 High
jakarta.validation-api-2.0.2.jarDescription:
Jakarta Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256: b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name jakarta.validation-api High Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid jakarta.validation Highest Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Vendor jar package name validation Highest Vendor pom artifactid jakarta.validation-api Low Vendor Manifest automatic-module-name java.validation Medium Vendor pom url https://beanvalidation.org Highest Vendor pom name Jakarta Bean Validation API High Vendor pom parent-artifactid project Low Product pom artifactid jakarta.validation-api Highest Product file name jakarta.validation-api High Product pom parent-artifactid project Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid jakarta.validation Highest Product pom parent-groupid org.eclipse.ee4j Medium Product Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Product Manifest Bundle-Name Jakarta Bean Validation API Medium Product jar package name validation Highest Product Manifest automatic-module-name java.validation Medium Product pom url https://beanvalidation.org Medium Product pom name Jakarta Bean Validation API High Version pom version 2.0.2 Highest Version Manifest Bundle-Version 2.0.2 High Version file version 2.0.2 High Version pom parent-version 2.0.2 Low
javax.servlet-api-3.0.1.jarDescription:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/jenkins/.mvnrepository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
SHA256: 377d8bde87ac6bc7f83f27df8e02456d5870bb78c832dac656ceacc28b016e56
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name javax.servlet-api High Vendor Manifest specification-vendor Oracle Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom parent-groupid net.java Medium Vendor pom groupid javax.servlet Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom url http://servlet-spec.java.net Highest Vendor pom organization name GlassFish Community High Vendor Manifest (hint) specification-vendor sun Low Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom parent-artifactid jvnet-parent Low Vendor jar package name javax Highest Vendor pom artifactid javax.servlet-api Low Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom name Java Servlet API High Vendor Manifest bundle-symbolicname javax.servlet-api Medium Product file name javax.servlet-api High Product pom parent-groupid net.java Medium Product pom artifactid javax.servlet-api Highest Product pom groupid javax.servlet Highest Product pom organization name GlassFish Community Low Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom organization url https://glassfish.dev.java.net Low Product pom url http://servlet-spec.java.net Medium Product Manifest Bundle-Name Java Servlet API Medium Product jar package name javax Highest Product Manifest extension-name javax.servlet Medium Product Manifest specification-title Java(TM) Servlet API Design Specification Medium Product pom name Java Servlet API High Product pom parent-artifactid jvnet-parent Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Version Manifest Implementation-Version 3.0.1 High Version pom parent-version 3.0.1 Low Version file version 3.0.1 High Version pom version 3.0.1 Highest Version Manifest Bundle-Version 3.0.1 High
jaxb-runtime-2.3.3-b01.jarDescription:
JAXB (JSR 222) Reference Implementation File Path: /home/jenkins/.mvnrepository/org/glassfish/jaxb/jaxb-runtime/2.3.3-b01/jaxb-runtime-2.3.3-b01.jarMD5: f1d96ef7cbe6d52929f4e4a4036c1d05SHA1: 4caeecc729d73a2ee354e11c3c94d5ca10d4a8aeSHA256: 3cd95396cea903c1201dc9baa655e6b98a2e5c73425942818367448a7ecbb118Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name sun Highest Vendor pom groupid glassfish.jaxb Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest git-revision 7d3cd30 Low Vendor pom artifactid jaxb-runtime Low Vendor pom name JAXB Runtime High Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor jar (hint) package name oracle Highest Vendor jar package name xml Highest Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor pom groupid org.glassfish.jaxb Highest Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor jar package name bind Highest Vendor file name jaxb-runtime High Product pom artifactid jaxb-runtime Highest Product jar package name sun Highest Product pom groupid glassfish.jaxb Highest Product Manifest specification-title Jakarta XML Binding Medium Product Manifest build-jdk-spec 11 Low Product Manifest git-revision 7d3cd30 Low Product pom name JAXB Runtime High Product Manifest Implementation-Title Jakarta XML Binding Implementation High Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom parent-artifactid jaxb-runtime-parent Medium Product jar package name xml Highest Product jar package name bind Highest Product file name jaxb-runtime High Version pom version 2.3.3-b01 Highest Version Manifest Implementation-Version 2.3.3-b01 High Version Manifest build-id 2.3.3-b01 Medium
jaxp-api-1.4.jarFile Path: /home/jenkins/.mvnrepository/javax/xml/parsers/jaxp-api/1.4/jaxp-api-1.4.jarMD5: 0750e02841d6410dea4b2566b3168234SHA1: de89f04bd13f5b24ce02b505a976d549335e4eccSHA256: 9a45fed764520cd61adb7e47b2c4057f3398f51fca2351b53df1dea1d29a00f0Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jaxp-api Low Vendor file name jaxp-api High Vendor jar package name parsers Highest Vendor jar package name xml Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest implementation-url http://java.sun.com/xml/jaxp Low Vendor jar package name javax Highest Vendor pom groupid javax.xml.parsers Highest Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Product file name jaxp-api High Product Manifest specification-title JSR 206 Java(TM) API for XML Processing 1.4 Medium Product Manifest Implementation-Title JSR 206 Java(TM) API for XML Processing 1.4 High Product jar package name parsers Highest Product jar package name xml Highest Product Manifest implementation-url http://java.sun.com/xml/jaxp Low Product jar package name javax Highest Product pom artifactid jaxp-api Highest Product pom groupid javax.xml.parsers Highest Version pom version 1.4 Highest Version file version 1.4 High
jaxp-ri-1.4.jarFile Path: /home/jenkins/.mvnrepository/com/sun/org/apache/jaxp-ri/1.4/jaxp-ri-1.4.jarMD5: 01b055250b26cf524695526ef9c5a668SHA1: 30525b6b3083c9fc2cdb35ab9f874a796203a942SHA256: 1815fc4d6f3af68f8342d76de57e268ef53adb27c10a2acd443e7c5def5d881eReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid sun.org.apache Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor jar package name org Highest Vendor jar package name apache Highest Vendor pom groupid com.sun.org.apache Highest Vendor file name jaxp-ri High Vendor Manifest specification-vendor Sun Microsystems Inc. Low Vendor pom artifactid jaxp-ri Low Product pom artifactid jaxp-ri Highest Product pom groupid sun.org.apache Highest Product jar package name sun Highest Product jar package name xml Highest Product jar package name org Highest Product jar package name apache Highest Product Manifest specification-title Java API for XML Processing Medium Product file name jaxp-ri High Version pom version 1.4 Highest Version Manifest specification-version 1.4 High Version file version 1.4 High
jboss-jaxb-api_2.3_spec-2.0.0.Final.jarDescription:
Jakarta XML Binding API 2.3 Design Specification License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/jenkins/.mvnrepository/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec/2.0.0.Final/jboss-jaxb-api_2.3_spec-2.0.0.Final.jar
MD5: 3f3c17761bb0bc98b82b3cfb9311660b
SHA1: 1d2b5404a556a4aeddde8a9676cec8ee01b4e0a0
SHA256: f73f5832acef810d4d72da3b04378b6a70b72e955fdb0315591f0115c3ee701b
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build-id UNKNOWN-646c629bd4653190d875ca5f0424f5383f75bce3, 1568202678119 Low Vendor pom artifactid jboss-jaxb-api_2.3_spec Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec Medium Vendor pom parent-groupid org.jboss.spec.javax.xml.bind Medium Vendor pom name Jakarta XML Binding API High Vendor hint analyzer vendor redhat Highest Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.xml.bind Medium Vendor Manifest originally-created-by 1.8.0_152 (Oracle Corporation) Low Vendor file name jboss-jaxb-api_2.3_spec-2.0.0.Final High Vendor jar package name xml Highest Vendor pom groupid org.jboss.spec.javax.xml.bind Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest automatic-module-name java.xml.bind Medium Vendor jar package name bind Highest Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest os-arch amd64 Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest multi-release true Low Vendor jar package name javax Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor jar package name jaxb Highest Vendor pom groupid jboss.spec.javax.xml.bind Highest Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid jboss-jaxb-api_2.3_spec-parent Low Vendor Manifest implementation-url https://github.com/eclipse-ee4j/jaxb-api/jboss-jaxb-api_2.3_spec Low Product Manifest implementation-build-id UNKNOWN-646c629bd4653190d875ca5f0424f5383f75bce3, 1568202678119 Low Product pom parent-artifactid jboss-jaxb-api_2.3_spec-parent Medium Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest os-arch amd64 Low Product Manifest bundle-symbolicname org.jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec Medium Product pom parent-groupid org.jboss.spec.javax.xml.bind Medium Product pom name Jakarta XML Binding API High Product Manifest extension-name jakarta.xml.bind Medium Product pom artifactid jboss-jaxb-api_2.3_spec Highest Product Manifest multi-release true Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest originally-created-by 1.8.0_152 (Oracle Corporation) Low Product file name jboss-jaxb-api_2.3_spec-2.0.0.Final High Product jar package name xml Highest Product jar package name javax Highest Product jar package name jaxb Highest Product Manifest specification-title Jakarta XML Binding API Medium Product Manifest automatic-module-name java.xml.bind Medium Product pom groupid jboss.spec.javax.xml.bind Highest Product jar package name bind Highest Product Manifest os-name Linux Medium Product Manifest Implementation-Title Jakarta XML Binding API High Product Manifest implementation-url https://github.com/eclipse-ee4j/jaxb-api/jboss-jaxb-api_2.3_spec Low Version Manifest Bundle-Version 2.0.0.Final High Version pom version 2.0.0.Final Highest
jboss-jaxrs-api_2.1_spec-2.0.1.Final.jarDescription:
Jakarta API for RESTful Web Services License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/jenkins/.mvnrepository/org/jboss/spec/javax/ws/rs/jboss-jaxrs-api_2.1_spec/2.0.1.Final/jboss-jaxrs-api_2.1_spec-2.0.1.Final.jar
MD5: 35b4d1b6b5f70f01c108c6b2349e4635
SHA1: 75cdeb26ccf87bc6f9d0f31b5ec4d80aa15b662c
SHA256: 3518db0a3980aacfdae916f0eb081d0fcefaa2076d2ba603edc779a601d2d1a4
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.jboss Medium Vendor pom artifactid jboss-jaxrs-api_2.1_spec Low Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.1_spec Medium Vendor pom groupid org.jboss.spec.javax.ws.rs Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom name jboss-jakarta-jaxrs-api_spec High Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor jar package name rs Highest Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest os-arch amd64 Low Vendor Manifest automatic-module-name java.ws.rs Medium Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.ws.rs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-jaxrs-api_2.1_spec Low Vendor file name jboss-jaxrs-api_2.1_spec-2.0.1.Final High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor pom groupid jboss.spec.javax.ws.rs Highest Vendor jar package name ws Highest Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid jboss-parent Low Product Manifest bundle-docurl http://www.jboss.org Low Product pom artifactid jboss-jaxrs-api_2.1_spec Highest Product jar package name rs Highest Product Manifest extension-name javax.ws.rs Medium Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product Manifest automatic-module-name java.ws.rs Medium Product Manifest Implementation-Title jboss-jakarta-jaxrs-api_spec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product hint analyzer product web services Medium Product Manifest specification-title jboss-jakarta-jaxrs-api_spec Medium Product Manifest implementation-url http://www.jboss.org/jboss-jaxrs-api_2.1_spec Low Product file name jboss-jaxrs-api_2.1_spec-2.0.1.Final High Product Manifest bundle-symbolicname org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.1_spec Medium Product pom parent-artifactid jboss-parent Medium Product jar package name javax Highest Product Manifest Bundle-Name jboss-jakarta-jaxrs-api_spec Medium Product pom groupid jboss.spec.javax.ws.rs Highest Product jar package name ws Highest Product Manifest os-name Linux Medium Product pom name jboss-jakarta-jaxrs-api_spec High Version pom parent-version 2.0.1.Final Low Version pom version 2.0.1.Final Highest Version Manifest Bundle-Version 2.0.1.Final High Version Manifest Implementation-Version 2.0.1.Final High
jboss-logging-3.3.2.Final.jarDescription:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256: cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom groupid org.jboss.logging Highest Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low Vendor Manifest os-arch amd64 Low Vendor pom parent-groupid org.jboss Medium Vendor file name jboss-logging High Vendor jar package name jboss Highest Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest java-vendor Sun Microsystems Inc. Medium Vendor pom groupid jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor Manifest automatic-module-name org.jboss.logging Medium Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid jboss-logging Low Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid jboss-parent Low Vendor pom url http://www.jboss.org Highest Product Manifest Implementation-Title JBoss Logging 3 High Product jar package name logging Highest Product Manifest specification-title JBoss Logging 3 Medium Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Product file name jboss-logging High Product jar package name jboss Highest Product pom groupid jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product Manifest automatic-module-name org.jboss.logging Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest implementation-url http://www.jboss.org Low Product Manifest os-name Linux Medium Product pom artifactid jboss-logging Highest Version Manifest Implementation-Version 3.3.2.Final High Version Manifest Bundle-Version 3.3.2.Final High Version pom version 3.3.2.Final Highest Version pom parent-version 3.3.2.Final Low
jboss-logging-annotations-2.1.0.Final.jarLicense:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/jboss/logging/jboss-logging-annotations/2.1.0.Final/jboss-logging-annotations-2.1.0.Final.jar
MD5: 18d33dad7c30aaf31be36013e4a4022d
SHA1: 58c69c8dd206d92d8bcb1d602ebec0b0f235d341
SHA256: b212f95613ad416ab2e75f2bb125f93f576cba95ec9b90aaf9a05e082a786a98
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name logging Highest Vendor pom groupid org.jboss.logging Highest Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest os-arch amd64 Low Vendor Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low Vendor jar package name jboss Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor jar package name annotations Highest Vendor hint analyzer vendor redhat Highest Vendor file name jboss-logging-annotations High Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.logging Highest Vendor pom name JBoss Logging I18n Annotations High Vendor pom parent-artifactid jboss-logging-tools-parent Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid jboss-logging-annotations Low Vendor pom parent-groupid org.jboss.logging Medium Vendor Manifest os-name Linux Medium Product Manifest specification-title JBoss Logging I18n Annotations Medium Product jar package name logging Highest Product Manifest os-arch amd64 Low Product Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low Product jar package name jboss Highest Product jar package name annotations Highest Product pom parent-artifactid jboss-logging-tools-parent Medium Product file name jboss-logging-annotations High Product pom groupid jboss.logging Highest Product pom name JBoss Logging I18n Annotations High Product pom artifactid jboss-logging-annotations Highest Product pom parent-groupid org.jboss.logging Medium Product Manifest os-name Linux Medium Product Manifest Implementation-Title JBoss Logging I18n Annotations High Version pom version 2.1.0.Final Highest Version Manifest Implementation-Version 2.1.0.Final High
jboss-logmanager-embedded-1.0.4.jarDescription:
An implementation of java.util.logging.LogManager License:
Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt File Path: /home/jenkins/.mvnrepository/org/jboss/logmanager/jboss-logmanager-embedded/1.0.4/jboss-logmanager-embedded-1.0.4.jar
MD5: a7c56e375b02b9215f67f3b1817daef4
SHA1: 95cec2b1be8941b6c00d09f509cca59cf2a606bc
SHA256: 3fbd749c53a1d028e49803378c5c6e408eef497891ec220fb7e98526efad8d8b
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.jboss.logmanager Highest Vendor jar package name org Highest Vendor Manifest implementation-url http://www.jboss.org/jboss-logmanager-embedded Low Vendor Manifest os-arch amd64 Low Vendor pom parent-groupid org.jboss Medium Vendor jar package name logmanager Highest Vendor pom groupid jboss.logmanager Highest Vendor jar package name jboss Highest Vendor pom name JBoss Log Manager (Embedded) High Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logmanager-embedded Low Vendor Manifest multi-release true Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.logmanager Medium Vendor Manifest os-name Linux Medium Vendor file name jboss-logmanager-embedded High Vendor pom parent-artifactid jboss-parent-mr-jar Low Product Manifest specification-title JBoss Log Manager (Embedded) Medium Product Manifest implementation-url http://www.jboss.org/jboss-logmanager-embedded Low Product jar package name org Highest Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product pom artifactid jboss-logmanager-embedded Highest Product Manifest Implementation-Title JBoss Log Manager (Embedded) High Product jar package name logmanager Highest Product pom groupid jboss.logmanager Highest Product jar package name jboss Highest Product pom name JBoss Log Manager (Embedded) High Product Manifest multi-release true Low Product pom parent-artifactid jboss-parent-mr-jar Medium Product Manifest os-name Linux Medium Product file name jboss-logmanager-embedded High Version pom version 1.0.4 Highest Version Manifest Implementation-Version 1.0.4 High Version pom parent-version 1.0.4 Low Version file version 1.0.4 High
jboss-threads-3.0.0.Final.jarLicense:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/jboss/threads/jboss-threads/3.0.0.Final/jboss-threads-3.0.0.Final.jar
MD5: 12d52b8b53ebd5c1d1b4cbd56d05a4ec
SHA1: 41849f5b8a43ac45835cb302ea91e34b299bd0fe
SHA256: 9c4d89e412ca771222ff4fff93f2428eaa1f7296f70988537fc09968f7f61776
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest java-vendor AdoptOpenJDK Medium Vendor pom groupid jboss.threads Highest Vendor jar package name org Highest Vendor pom name JBoss Threads High Vendor Manifest os-arch amd64 Low Vendor pom parent-groupid org.jboss Medium Vendor file name jboss-threads High Vendor jar package name jboss Highest Vendor Manifest Implementation-Vendor-Id org.jboss.threads Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest multi-release true Low Vendor jar package name threads Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://www.jboss.org/jboss-threads Low Vendor pom groupid org.jboss.threads Highest Vendor pom artifactid jboss-threads Low Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid jboss-parent Low Product pom groupid jboss.threads Highest Product jar package name org Highest Product pom name JBoss Threads High Product pom artifactid jboss-threads Highest Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product file name jboss-threads High Product jar package name jboss Highest Product Manifest multi-release true Low Product jar package name threads Highest Product pom parent-artifactid jboss-parent Medium Product Manifest Implementation-Title JBoss Threads High Product Manifest implementation-url http://www.jboss.org/jboss-threads Low Product Manifest specification-title JBoss Threads Medium Product Manifest os-name Linux Medium Version Manifest Implementation-Version 3.0.0.Final High Version pom version 3.0.0.Final Highest Version pom parent-version 3.0.0.Final Low
jcip-annotations-1.0-1.jarDescription:
A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256: 4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name jcip Highest Vendor pom name JCIP Annotations under Apache License High Vendor jar package name net Low Vendor pom url http://stephenc.github.com/jcip-annotations Highest Vendor pom artifactid jcip-annotations Low Vendor pom groupid com.github.stephenc.jcip Highest Vendor file name jcip-annotations High Vendor jar package name annotations Low Vendor jar package name annotations Highest Vendor jar package name jcip Low Vendor pom groupid github.stephenc.jcip Highest Product jar package name jcip Highest Product pom name JCIP Annotations under Apache License High Product pom url http://stephenc.github.com/jcip-annotations Medium Product file name jcip-annotations High Product jar package name annotations Low Product pom artifactid jcip-annotations Highest Product jar package name annotations Highest Product jar package name jcip Low Product pom groupid github.stephenc.jcip Highest Version pom version 1.0-1 Highest
json-patch-1.9.jarDescription:
JSON Patch (RFC 6902) and JSON Merge Patch (RFC 7386) implementation in Java License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/com/github/fge/json-patch/1.9/json-patch-1.9.jar
MD5: 9df773c8904f39b05b6a8a6848804c96
SHA1: 0a4c3c97a0f5965dec15795acf40d3fbc897af4b
SHA256: 2d6acbda3675e6f25b7b4ab338317006865a8416a69c2b5e1cfa8b8209fc10a1
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name fge Highest Vendor Manifest bundle-symbolicname com.github.fge.json-patch Medium Vendor jar package name github Highest Vendor pom groupid com.github.fge Highest Vendor pom name json-patch High Vendor pom url fge/json-patch Highest Vendor pom artifactid json-patch Low Vendor pom groupid github.fge Highest Vendor file name json-patch High Product jar package name fge Highest Product pom artifactid json-patch Highest Product Manifest bundle-symbolicname com.github.fge.json-patch Medium Product Manifest Bundle-Name json-patch Medium Product jar package name github Highest Product pom name json-patch High Product pom url fge/json-patch High Product pom groupid github.fge Highest Product file name json-patch High Version pom version 1.9 Highest Version Manifest Bundle-Version 1.9 High Version file version 1.9 High
junit-4.13.1.jarDescription:
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /home/jenkins/.mvnrepository/junit/junit/4.13.1/junit-4.13.1.jar
MD5: 83d91f209ddcb104776fa41c448c7ee2
SHA1: cdd00374f1fee76b11e2a9d127405aa3f6be5b6a
SHA256: c30719db974d6452793fe191b3638a5777005485bae145924044530ffa5f6122
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id junit Medium Vendor Manifest implementation-url http://junit.org Low Vendor pom artifactid junit Low Vendor pom groupid junit Highest Vendor pom organization url http://www.junit.org Medium Vendor Manifest automatic-module-name junit Medium Vendor jar package name framework Highest Vendor pom organization name JUnit High Vendor pom url http://junit.org Highest Vendor file name junit High Vendor pom name JUnit High Vendor Manifest Implementation-Vendor JUnit High Vendor jar package name junit Highest Product pom url http://junit.org Medium Product Manifest implementation-url http://junit.org Low Product Manifest Implementation-Title JUnit High Product pom groupid junit Highest Product Manifest automatic-module-name junit Medium Product jar package name framework Highest Product pom artifactid junit Highest Product pom organization name JUnit Low Product file name junit High Product pom organization url http://www.junit.org Low Product pom name JUnit High Product jar package name junit Highest Version Manifest Implementation-Version 4.13.1 High Version pom version 4.13.1 Highest Version file version 4.13.1 High
junit-jupiter-api-5.7.0.jarDescription:
Module "junit-jupiter-api" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-api/5.7.0/junit-jupiter-api-5.7.0.jar
MD5: e8567a8fe9ea0fa92b4da7a25f0c572c
SHA1: b25f3815c4c1860a73041e733a14a0379d00c4d5
SHA256: b03f78e0daeed2d77a0af9bcd662b4cdb9693f7ee72e01a539b508b84c63d182
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor file name junit-jupiter-api High Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor pom name JUnit Jupiter API High Vendor pom artifactid junit-jupiter-api Low Vendor pom groupid org.junit.jupiter Highest Vendor jar package name api Highest Vendor Manifest specification-vendor junit.org Low Vendor jar package name jupiter Highest Vendor Manifest bundle-symbolicname junit-jupiter-api Medium Vendor jar package name junit Highest Vendor pom groupid junit.jupiter Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product file name junit-jupiter-api High Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest build-date 2020-09-13 Low Product pom artifactid junit-jupiter-api Highest Product pom name JUnit Jupiter API High Product jar package name api Highest Product jar package name jupiter Highest Product Manifest bundle-symbolicname junit-jupiter-api Medium Product Manifest Bundle-Name JUnit Jupiter API Medium Product jar package name junit Highest Product Manifest specification-title junit-jupiter-api Medium Product pom groupid junit.jupiter Highest Product Manifest Implementation-Title junit-jupiter-api High Version pom version 5.7.0 Highest Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version file version 5.7.0 High
junit-jupiter-engine-5.7.0.jarDescription:
Module "junit-jupiter-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-engine/5.7.0/junit-jupiter-engine-5.7.0.jar
MD5: 7e4f06555826c36fb1f7a44598431d4e
SHA1: d9044d6b45e2232ddd53fa56c15333e43d1749fd
SHA256: dfa26af94644ac2612dde6625852fcb550a0d21caa243257de54cba738ba87af
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor pom name JUnit Jupiter Engine High Vendor file name junit-jupiter-engine High Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor Manifest bundle-symbolicname junit-jupiter-engine Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom artifactid junit-jupiter-engine Low Vendor Manifest specification-vendor junit.org Low Vendor jar package name jupiter Highest Vendor jar package name junit Highest Vendor pom groupid junit.jupiter Highest Vendor jar package name engine Highest Product pom artifactid junit-jupiter-engine Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom name JUnit Jupiter Engine High Product pom url https://junit.org/junit5/ Medium Product file name junit-jupiter-engine High Product Manifest build-time 15:13:34.624+0200 Low Product Manifest Implementation-Title junit-jupiter-engine High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title junit-jupiter-engine Medium Product Manifest build-date 2020-09-13 Low Product Manifest bundle-symbolicname junit-jupiter-engine Medium Product Manifest Bundle-Name JUnit Jupiter Engine Medium Product jar package name jupiter Highest Product jar package name junit Highest Product pom groupid junit.jupiter Highest Product jar package name engine Highest Version pom version 5.7.0 Highest Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version file version 5.7.0 High
junit-jupiter-migrationsupport-5.7.0.jarDescription:
Module "junit-jupiter-migrationsupport" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-migrationsupport/5.7.0/junit-jupiter-migrationsupport-5.7.0.jar
MD5: 56af65d97f00826afe9599c956cefb03
SHA1: 2aed57e91b278c997a68c05dd2399f4f350c7cdb
SHA256: d917be3bff689244c4a3904329b1ab6d77693cb3b829aec0a8321d56ada407e2
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest bundle-symbolicname junit-jupiter-migrationsupport Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor file name junit-jupiter-migrationsupport High Vendor jar package name migrationsupport Highest Vendor pom name JUnit Jupiter Migration Support High Vendor pom groupid org.junit.jupiter Highest Vendor Manifest specification-vendor junit.org Low Vendor jar package name jupiter Highest Vendor pom artifactid junit-jupiter-migrationsupport Low Vendor jar package name junit Highest Vendor pom groupid junit.jupiter Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product Manifest bundle-symbolicname junit-jupiter-migrationsupport Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest build-date 2020-09-13 Low Product file name junit-jupiter-migrationsupport High Product jar package name migrationsupport Highest Product Manifest Implementation-Title junit-jupiter-migrationsupport High Product Manifest specification-title junit-jupiter-migrationsupport Medium Product pom name JUnit Jupiter Migration Support High Product Manifest Bundle-Name JUnit Jupiter Migration Support Medium Product pom artifactid junit-jupiter-migrationsupport Highest Product jar package name jupiter Highest Product jar package name junit Highest Product pom groupid junit.jupiter Highest Version pom version 5.7.0 Highest Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version file version 5.7.0 High
junit-jupiter-params-5.7.0.jarDescription:
Module "junit-jupiter-params" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-params/5.7.0/junit-jupiter-params-5.7.0.jar
MD5: 5584d8379e67651127101893d083596d
SHA1: 521dbecace93d5d7ef13a74aab231befd7954424
SHA256: ca9f555c37b9bf79effd2e834af549e4feb52ad8ac9e348fe5b430d4d8a482b7
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor pom name JUnit Jupiter Params High Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name junit-jupiter-params High Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor pom groupid org.junit.jupiter Highest Vendor Manifest bundle-symbolicname junit-jupiter-params Medium Vendor jar package name params Highest Vendor Manifest specification-vendor junit.org Low Vendor jar package name jupiter Highest Vendor jar package name junit Highest Vendor pom groupid junit.jupiter Highest Vendor pom artifactid junit-jupiter-params Low Product pom artifactid junit-jupiter-params Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom name JUnit Jupiter Params High Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product Manifest Implementation-Title junit-jupiter-params High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title junit-jupiter-params Medium Product file name junit-jupiter-params High Product Manifest build-date 2020-09-13 Low Product jar package name params Highest Product Manifest bundle-symbolicname junit-jupiter-params Medium Product jar package name jupiter Highest Product Manifest Bundle-Name JUnit Jupiter Params Medium Product jar package name junit Highest Product pom groupid junit.jupiter Highest Version pom version 5.7.0 Highest Version Manifest Bundle-Version 5.7.0 High Version Manifest Implementation-Version 5.7.0 High Version file version 5.7.0 High
junit-platform-commons-1.7.0.jarDescription:
Module "junit-platform-commons" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-commons/1.7.0/junit-platform-commons-1.7.0.jar
MD5: d398290c354b2aeb6af8c420eff049c0
SHA1: 84e309fbf21d857aac079a3c1fffd84284e1114d
SHA256: 5330ee87cc7586e6e25175a34e9251624ff12ff525269d3415d0b4ca519b6fea
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name platform Highest Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest Implementation-Vendor junit.org High Vendor jar package name org Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name junit-platform-commons High Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor jar package name commons Highest Vendor Manifest multi-release true Low Vendor pom name JUnit Platform Commons High Vendor pom groupid org.junit.platform Highest Vendor Manifest specification-vendor junit.org Low Vendor Manifest bundle-symbolicname junit-platform-commons Medium Vendor jar package name junit Highest Vendor pom artifactid junit-platform-commons Low Vendor pom groupid junit.platform Highest Product jar package name platform Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product Manifest Implementation-Title junit-platform-commons High Product Manifest Bundle-Name JUnit Platform Commons Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title junit-platform-commons Medium Product file name junit-platform-commons High Product Manifest build-date 2020-09-13 Low Product jar package name commons Highest Product Manifest multi-release true Low Product pom name JUnit Platform Commons High Product pom artifactid junit-platform-commons Highest Product Manifest bundle-symbolicname junit-platform-commons Medium Product jar package name junit Highest Product pom groupid junit.platform Highest Version Manifest Bundle-Version 1.7.0 High Version Manifest Implementation-Version 1.7.0 High Version pom version 1.7.0 Highest Version file version 1.7.0 High
junit-platform-engine-1.7.0.jarDescription:
Module "junit-platform-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-engine/1.7.0/junit-platform-engine-1.7.0.jar
MD5: 499a279ad63eb48941b252d9e1434102
SHA1: eadb73c5074a4ac71061defd00fc176152a4d12c
SHA256: 75f21a20dc594afdc875736725b408cec6d0344874d29f34b2dd3075500236f2
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name junit-platform-engine High Vendor jar package name platform Highest Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor Manifest build-time 15:13:34.624+0200 Low Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-date 2020-09-13 Low Vendor pom url https://junit.org/junit5/ Highest Vendor pom artifactid junit-platform-engine Low Vendor Manifest bundle-symbolicname junit-platform-engine Medium Vendor pom groupid org.junit.platform Highest Vendor Manifest specification-vendor junit.org Low Vendor pom name JUnit Platform Engine API High Vendor jar package name junit Highest Vendor pom groupid junit.platform Highest Vendor jar package name engine Highest Product file name junit-platform-engine High Product jar package name platform Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest build-date 2020-09-13 Low Product pom artifactid junit-platform-engine Highest Product Manifest Bundle-Name JUnit Platform Engine API Medium Product Manifest bundle-symbolicname junit-platform-engine Medium Product jar package name filter Highest Product pom name JUnit Platform Engine API High Product jar package name junit Highest Product Manifest Implementation-Title junit-platform-engine High Product pom groupid junit.platform Highest Product jar package name engine Highest Product Manifest specification-title junit-platform-engine Medium Version Manifest Bundle-Version 1.7.0 High Version Manifest Implementation-Version 1.7.0 High Version pom version 1.7.0 Highest Version file version 1.7.0 High
junit-platform-launcher-1.7.0.jarDescription:
Module "junit-platform-launcher" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-launcher/1.7.0/junit-platform-launcher-1.7.0.jar
MD5: d1513da85c9dd6c3f22416ec2d1c496b
SHA1: cfd2d9c8b6ff9f3880faad828454cd0166bc12d7
SHA256: fbdc748fde4c4279fe1d3c607447cb3b7ccd45d7338fc574f8a894ddf2d16818
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name platform Highest Vendor pom name JUnit Platform Launcher High Vendor Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Vendor Manifest build-time 15:13:34.624+0200 Low Vendor jar package name launcher Highest Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-date 2020-09-13 Low Vendor pom artifactid junit-platform-launcher Low Vendor pom url https://junit.org/junit5/ Highest Vendor pom groupid org.junit.platform Highest Vendor Manifest specification-vendor junit.org Low Vendor Manifest bundle-symbolicname junit-platform-launcher Medium Vendor jar package name junit Highest Vendor pom groupid junit.platform Highest Vendor file name junit-platform-launcher High Product jar package name platform Highest Product pom name JUnit Platform Launcher High Product pom artifactid junit-platform-launcher Highest Product Manifest build-revision a3528756923b588a7ecded2237cb13190229b543 Low Product pom url https://junit.org/junit5/ Medium Product Manifest build-time 15:13:34.624+0200 Low Product jar package name launcher Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest build-date 2020-09-13 Low Product Manifest Implementation-Title junit-platform-launcher High Product Manifest bundle-symbolicname junit-platform-launcher Medium Product jar package name junit Highest Product pom groupid junit.platform Highest Product Manifest specification-title junit-platform-launcher Medium Product file name junit-platform-launcher High Product Manifest Bundle-Name JUnit Platform Launcher Medium Version Manifest Bundle-Version 1.7.0 High Version Manifest Implementation-Version 1.7.0 High Version pom version 1.7.0 Highest Version file version 1.7.0 High
keycloak-admin-client-9.0.3.jarFile Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-admin-client/9.0.3/keycloak-admin-client-9.0.3.jarMD5: 61a28fd1ca633bbee49d099f65d65862SHA1: d7f19c2de49e6aa201951a7845d5f8e24973097aSHA256: 5d16705f1f739499769e8ab7cb88b76030431f1f06e0e562442434156b8c359dReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor pom name Keycloak Admin REST Client High Vendor jar package name keycloak Highest Vendor pom artifactid keycloak-admin-client Low Vendor Manifest os-arch amd64 Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor jar package name client Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom parent-artifactid keycloak-integration-parent Low Vendor jar package name admin Highest Vendor pom parent-groupid org.keycloak Medium Vendor file name keycloak-admin-client High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://keycloak.org/keycloak-integration-parent/keycloak-admin-client Low Vendor Manifest os-name Linux Medium Product pom name Keycloak Admin REST Client High Product jar package name keycloak Highest Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-integration-parent Medium Product pom groupid keycloak Highest Product pom artifactid keycloak-admin-client Highest Product jar package name client Highest Product jar package name admin Highest Product pom parent-groupid org.keycloak Medium Product file name keycloak-admin-client High Product Manifest implementation-url http://keycloak.org/keycloak-integration-parent/keycloak-admin-client Low Product Manifest os-name Linux Medium Product Manifest Implementation-Title Keycloak Admin REST Client High Product Manifest specification-title Keycloak Admin REST Client Medium Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
keycloak-common-9.0.3.jarDescription:
Common library and dependencies shared with server and all adapters License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-common/9.0.3/keycloak-common-9.0.3.jar
MD5: 904371bebd3b8d8944e7793087a95357
SHA1: 75406689a282c91c52b258167ec1d1d8d902348e
SHA256: 979f8b1c9db5ca8dbb5aa2eac73920e640e575f3090a926c85d29025b458c0ee
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor file name keycloak-common High Vendor jar package name common Highest Vendor jar package name keycloak Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor Manifest implementation-url http://keycloak.org/keycloak-common Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid keycloak-common Low Vendor pom name Keycloak Common High Vendor pom parent-groupid org.keycloak Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest bundle-symbolicname org.keycloak.keycloak-common Medium Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid keycloak-parent Low Product Manifest specification-title Keycloak Common Medium Product Manifest bundle-docurl http://www.jboss.org Low Product file name keycloak-common High Product jar package name common Highest Product Manifest Implementation-Title Keycloak Common High Product jar package name keycloak Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid keycloak-common Highest Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-parent Medium Product Manifest implementation-url http://keycloak.org/keycloak-common Low Product pom groupid keycloak Highest Product Manifest Bundle-Name Keycloak Common Medium Product pom name Keycloak Common High Product pom parent-groupid org.keycloak Medium Product Manifest bundle-symbolicname org.keycloak.keycloak-common Medium Product Manifest os-name Linux Medium Version Manifest Bundle-Version 9.0.3 High Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
keycloak-core-9.0.3.jarLicense:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-core/9.0.3/keycloak-core-9.0.3.jar
MD5: cbfe7dce03d6484b9484fe001f2c9bdb
SHA1: 25064b55a0323c359ab3b3794b2bc656ccb47571
SHA256: a276663e6902c820f3484a18dabb2a9e1094be1306defd9a3a36d11e0ec6d007
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor Manifest implementation-url http://keycloak.org/keycloak-core Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom name Keycloak Core High Vendor jar package name keycloak Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor pom artifactid keycloak-core Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom parent-groupid org.keycloak Medium Vendor file name keycloak-core High Vendor Manifest bundle-symbolicname org.keycloak.keycloak-core Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid keycloak-parent Low Product Manifest implementation-url http://keycloak.org/keycloak-core Low Product Manifest bundle-docurl http://www.jboss.org Low Product pom name Keycloak Core High Product jar package name keycloak Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-parent Medium Product pom groupid keycloak Highest Product Manifest specification-title Keycloak Core Medium Product Manifest Bundle-Name Keycloak Core Medium Product Manifest Implementation-Title Keycloak Core High Product pom parent-groupid org.keycloak Medium Product file name keycloak-core High Product Manifest bundle-symbolicname org.keycloak.keycloak-core Medium Product pom artifactid keycloak-core Highest Product Manifest os-name Linux Medium Version Manifest Bundle-Version 9.0.3 High Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
kubernetes-client-4.7.0.jarFile Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-client/4.7.0/kubernetes-client-4.7.0.jarMD5: 1d356d064e8186b15903298b43e6be1dSHA1: 12547e58b775e415157315048224be39e3944afaSHA256: b30d0b9908d4e3f9f6a050d05e568de892f9616de4fecdac131fde3e246bf3c7Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name fabric8 Highest Vendor pom parent-artifactid kubernetes-client-project Low Vendor jar package name kubernetes Highest Vendor pom name Fabric8 :: Kubernetes :: Java Client High Vendor pom artifactid kubernetes-client Low Vendor file name kubernetes-client High Vendor jar package name client Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom groupid io.fabric8 Highest Vendor jar package name io Highest Product jar package name fabric8 Highest Product pom parent-artifactid kubernetes-client-project Medium Product pom artifactid kubernetes-client Highest Product jar package name kubernetes Highest Product pom name Fabric8 :: Kubernetes :: Java Client High Product file name kubernetes-client High Product jar package name client Highest Product Manifest build-jdk-spec 1.8 Low Product pom groupid io.fabric8 Highest Product jar package name io Highest Version pom version 4.7.0 Highest Version file version 4.7.0 High
kubernetes-model-4.7.0.jarDescription:
Java client for Kubernetes and OpenShift License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model/4.7.0/kubernetes-model-4.7.0.jar
MD5: 87609db8395ebd5136763394a11eb8fc
SHA1: cf4831621a7f61deb5e87c9390ef7b970f16d909
SHA256: 1ecfcd2bfd4ddfe457723af295ef5ec7231f02aafb9c8799fa7fb73d446411fe
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom name Fabric8 :: Kubernetes Model High Vendor jar package name fabric8 Highest Vendor Manifest os-arch amd64 Low Vendor jar package name kubernetes Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name kubernetes-model High Vendor Manifest bundle-docurl http://redhat.com Low Vendor Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model/ Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor jar package name io Highest Vendor Manifest Implementation-Vendor Red Hat High Vendor Manifest bundle-symbolicname io.fabric8.kubernetes-model Medium Vendor Manifest Implementation-Vendor-Id io.fabric8 Medium Vendor pom parent-artifactid kubernetes-model-generator Low Vendor pom artifactid kubernetes-model Low Vendor Manifest os-name Linux Medium Vendor Manifest build-timestamp ${build.datetime} Low Vendor Manifest specification-vendor Red Hat Low Vendor pom groupid io.fabric8 Highest Product pom name Fabric8 :: Kubernetes Model High Product jar package name fabric8 Highest Product Manifest os-arch amd64 Low Product jar package name kubernetes Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name kubernetes-model High Product Manifest bundle-docurl http://redhat.com Low Product Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model/ Low Product jar package name io Highest Product Manifest Implementation-Title Fabric8 :: Kubernetes Model High Product Manifest Bundle-Name Fabric8 :: Kubernetes Model Medium Product Manifest bundle-symbolicname io.fabric8.kubernetes-model Medium Product Manifest specification-title Fabric8 :: Kubernetes Model Medium Product jar package name openshift Highest Product pom artifactid kubernetes-model Highest Product Manifest os-name Linux Medium Product Manifest build-timestamp ${build.datetime} Low Product pom groupid io.fabric8 Highest Product pom parent-artifactid kubernetes-model-generator Medium Version pom version 4.7.0 Highest Version file version 4.7.0 High Version Manifest Bundle-Version 4.7.0 High Version Manifest Implementation-Version 4.7.0 High
kubernetes-model-common-4.7.0.jarFile Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model-common/4.7.0/kubernetes-model-common-4.7.0.jarMD5: 1845c2fd17622c1f9980ddbf3183e84eSHA1: 38e88a4bdf0d4a77089927494aa60358b8b66455SHA256: b5bdb86d95feba870016a67304f822a26112db7c30eb4bc656ef502a44a660f3Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom name Fabric8 :: Kubernetes Model :: Common High Vendor jar package name fabric8 Highest Vendor Manifest os-arch amd64 Low Vendor file name kubernetes-model-common High Vendor jar package name kubernetes Highest Vendor Manifest build-timestamp Wed, 8 Jan 2020 13:20:45 +0000 Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name model Highest Vendor Manifest Implementation-Vendor Red Hat High Vendor jar package name io Highest Vendor Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/ Low Vendor pom parent-artifactid kubernetes-model-generator Low Vendor pom artifactid kubernetes-model-common Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor Red Hat Low Vendor pom groupid io.fabric8 Highest Product pom name Fabric8 :: Kubernetes Model :: Common High Product jar package name fabric8 Highest Product Manifest os-arch amd64 Low Product file name kubernetes-model-common High Product jar package name kubernetes Highest Product Manifest build-timestamp Wed, 8 Jan 2020 13:20:45 +0000 Low Product jar package name model Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Fabric8 :: Kubernetes Model :: Common High Product Manifest specification-title Fabric8 :: Kubernetes Model :: Common Medium Product jar package name io Highest Product Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/ Low Product pom artifactid kubernetes-model-common Highest Product Manifest os-name Linux Medium Product pom groupid io.fabric8 Highest Product pom parent-artifactid kubernetes-model-generator Medium Version pom version 4.7.0 Highest Version file version 4.7.0 High Version Manifest Implementation-Version 4.7.0 High
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarDescription:
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /home/jenkins/.mvnrepository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarMD5: d094c22570d65e132c19cea5d352e381SHA1: b421526c5f297295adef1c886e5246c39d4ac629SHA256: b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid guava-parent Low Vendor pom groupid google.guava Highest Vendor pom artifactid listenablefuture Low Vendor file name listenablefuture High Vendor pom groupid com.google.guava Highest Vendor pom parent-groupid com.google.guava Medium Vendor pom name Guava ListenableFuture only High Product pom artifactid listenablefuture Highest Product pom groupid google.guava Highest Product file name listenablefuture High Product pom parent-artifactid guava-parent Medium Product pom parent-groupid com.google.guava Medium Product pom name Guava ListenableFuture only High Version pom parent-version 9999.0-empty-to-avoid-conflict-with-guava Low Version pom version 9999.0-empty-to-avoid-conflict-with-guava Highest
logging-interceptor-3.12.1.jarFile Path: /home/jenkins/.mvnrepository/com/squareup/okhttp3/logging-interceptor/3.12.1/logging-interceptor-3.12.1.jarMD5: 73b31646886b0efe515b3aad96d90077SHA1: f0304756a8d9f745fd7de3f82a32090cf5b71166SHA256: fa455a235aa7af3327babe3f0523a05dca76b71ec88c6d548fa92927efdf6cdaReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name logging Highest Vendor Manifest automatic-module-name okhttp3.logging Medium Vendor pom parent-artifactid parent Low Vendor file name logging-interceptor High Vendor pom groupid squareup.okhttp3 Highest Vendor pom artifactid logging-interceptor Low Vendor pom groupid com.squareup.okhttp3 Highest Vendor jar package name okhttp3 Highest Vendor pom name OkHttp Logging Interceptor High Vendor pom parent-groupid com.squareup.okhttp3 Medium Product jar package name logging Highest Product Manifest automatic-module-name okhttp3.logging Medium Product file name logging-interceptor High Product pom groupid squareup.okhttp3 Highest Product pom parent-artifactid parent Medium Product jar package name okhttp3 Highest Product pom name OkHttp Logging Interceptor High Product pom artifactid logging-interceptor Highest Product pom parent-groupid com.squareup.okhttp3 Medium Version pom version 3.12.1 Highest Version file version 3.12.1 High
microprofile-config-api-1.3.jarDescription:
MicroProfile Config :: API License:
Apache License, Version 2.0 File Path: /home/jenkins/.mvnrepository/org/eclipse/microprofile/config/microprofile-config-api/1.3/microprofile-config-api-1.3.jar
MD5: 21a30777482d84e5682181ef404a0fd9
SHA1: 5813ff0cf78ee03b483887ebf63084ae195f332f
SHA256: 6a1bf1548909e97d4866847cf8e96e2f30d15b959a68c95385daccba8abe3072
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name microprofile Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name microprofile-config-api High Vendor jar package name config Highest Vendor pom parent-artifactid microprofile-config-parent Low Vendor Manifest bundle-symbolicname org.eclipse.microprofile.config Medium Vendor pom parent-groupid org.eclipse.microprofile.config Medium Vendor pom groupid org.eclipse.microprofile.config Highest Vendor jar package name eclipse Highest Vendor pom groupid eclipse.microprofile.config Highest Vendor pom artifactid microprofile-config-api Low Vendor pom name MicroProfile Config API High Product jar package name microprofile Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name microprofile-config-api High Product jar package name config Highest Product pom parent-artifactid microprofile-config-parent Medium Product Manifest bundle-symbolicname org.eclipse.microprofile.config Medium Product pom parent-groupid org.eclipse.microprofile.config Medium Product jar package name eclipse Highest Product pom groupid eclipse.microprofile.config Highest Product Manifest Bundle-Name MicroProfile Config Bundle Medium Product pom name MicroProfile Config API High Product pom artifactid microprofile-config-api Highest Version pom version 1.3 Highest Version file version 1.3 High
microprofile-context-propagation-api-1.0.1.jarDescription:
MicroProfile Context Propagation :: API File Path: /home/jenkins/.mvnrepository/org/eclipse/microprofile/context-propagation/microprofile-context-propagation-api/1.0.1/microprofile-context-propagation-api-1.0.1.jarMD5: 7fa031f7effbfc699e51e0e6283b5340SHA1: b7825e202a09dfb9dbb4b0e65b74237ab1fc6cecSHA256: 1731627424ac020eb9f2fc3b82df8b984315387cdc0488bbf3f7a86eecfacb49Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name microprofile-context-propagation-api High Vendor jar package name microprofile Highest Vendor jar package name context Highest Vendor jar package name context Low Vendor pom groupid org.eclipse.microprofile.context-propagation Highest Vendor pom groupid eclipse.microprofile.context-propagation Highest Vendor pom parent-groupid org.eclipse.microprofile.context-propagation Medium Vendor pom parent-artifactid microprofile-context-propagation-parent Low Vendor jar package name microprofile Low Vendor pom artifactid microprofile-context-propagation-api Low Vendor jar package name eclipse Highest Vendor jar package name eclipse Low Vendor pom name MicroProfile Context Propagation High Product file name microprofile-context-propagation-api High Product pom parent-artifactid microprofile-context-propagation-parent Medium Product jar package name microprofile Highest Product jar package name context Highest Product jar package name context Low Product pom groupid eclipse.microprofile.context-propagation Highest Product pom parent-groupid org.eclipse.microprofile.context-propagation Medium Product jar package name microprofile Low Product jar package name spi Low Product jar package name eclipse Highest Product pom artifactid microprofile-context-propagation-api Highest Product pom name MicroProfile Context Propagation High Version file version 1.0.1 High Version pom version 1.0.1 Highest
msg-simple-1.1.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/com/github/fge/msg-simple/1.1/msg-simple-1.1.jar
MD5: b0d8d70468edff2e223b3d2f07cc5de1
SHA1: f261263e13dd4cfa93cc6b83f1f58f619097a2c4
SHA256: c3c5add3971a9a7f1868beb7607780d73f36bb611c7505de01f1baf49ab4ff75
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name fge Highest Vendor pom name null High Vendor pom url fge/msg-simple Highest Vendor jar package name github Highest Vendor pom groupid com.github.fge Highest Vendor Manifest bundle-symbolicname com.github.fge.msg-simple Medium Vendor pom artifactid msg-simple Low Vendor file name msg-simple High Vendor pom groupid github.fge Highest Product jar package name fge Highest Product pom name null High Product pom url fge/msg-simple High Product Manifest Bundle-Name msg-simple Medium Product jar package name github Highest Product Manifest bundle-symbolicname com.github.fge.msg-simple Medium Product pom artifactid msg-simple Highest Product file name msg-simple High Product pom groupid github.fge Highest Version pom version 1.1 Highest Version Manifest Bundle-Version 1.1 High Version file version 1.1 High
okhttp-3.12.1.jarFile Path: /home/jenkins/.mvnrepository/com/squareup/okhttp3/okhttp/3.12.1/okhttp-3.12.1.jarMD5: 8e397d184bcca38deb5c06122d10adc5SHA1: dc6d02e4e68514eff5631963e28ca7742ac69efeSHA256: 07c3d82ca7eaf4722f00b2da807dc7860f6169ae60cfedcf5d40218f90880a46Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name okhttp3 Medium Vendor pom parent-artifactid parent Low Vendor pom artifactid okhttp Low Vendor file name okhttp High Vendor pom groupid squareup.okhttp3 Highest Vendor pom name OkHttp High Vendor pom groupid com.squareup.okhttp3 Highest Vendor jar package name okhttp3 Highest Vendor pom parent-groupid com.squareup.okhttp3 Medium Product Manifest automatic-module-name okhttp3 Medium Product pom artifactid okhttp Highest Product file name okhttp High Product pom groupid squareup.okhttp3 Highest Product pom parent-artifactid parent Medium Product pom name OkHttp High Product jar package name okhttp3 Highest Product pom parent-groupid com.squareup.okhttp3 Medium Version pom version 3.12.1 Highest Version file version 3.12.1 High
okio-1.15.0.jarFile Path: /home/jenkins/.mvnrepository/com/squareup/okio/okio/1.15.0/okio-1.15.0.jarMD5: e8ddbcb79210050527c2eda7562e63ceSHA1: bc28b5a964c8f5721eb58ee3f3c47a9bcbf4f4d8SHA256: 693fa319a7e8843300602b204023b7674f106ebcb577f2dd5807212b66118bd2Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name okio Highest Vendor pom groupid squareup.okio Highest Vendor pom artifactid okio Low Vendor pom name Okio High Vendor pom parent-groupid com.squareup.okio Medium Vendor pom parent-artifactid okio-parent Low Vendor pom groupid com.squareup.okio Highest Vendor file name okio High Vendor Manifest automatic-module-name okio Medium Product pom artifactid okio Highest Product jar package name okio Highest Product pom groupid squareup.okio Highest Product pom parent-artifactid okio-parent Medium Product pom name Okio High Product pom parent-groupid com.squareup.okio Medium Product file name okio High Product Manifest automatic-module-name okio Medium Version file version 1.15.0 High Version pom version 1.15.0 Highest
opentest4j-1.2.0.jarDescription:
Open Test Alliance for the JVM License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0.jar
MD5: 45c9a837c21f68e8c93e85b121e2fb90
SHA1: 28c11eb91f9b6d8e200631d46e20a7f407f2a046
SHA256: 58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid opentest4j Low Vendor pom name org.opentest4j:opentest4j High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid org.opentest4j Highest Vendor Manifest build-time 21:23:52.218+0200 Low Vendor Manifest Implementation-Vendor opentest4j.org High Vendor pom url ota4j-team/opentest4j Highest Vendor Manifest build-date 2019-06-06 Low Vendor jar package name opentest4j Highest Vendor Manifest build-revision 75136304fab712895090c9c4678dc72ccbcb5e21 Low Vendor file name opentest4j High Vendor Manifest bundle-symbolicname org.opentest4j Medium Vendor pom groupid opentest4j Highest Vendor Manifest specification-vendor opentest4j.org Low Product pom name org.opentest4j:opentest4j High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Bundle-Name opentest4j Medium Product Manifest build-time 21:23:52.218+0200 Low Product Manifest build-date 2019-06-06 Low Product pom artifactid opentest4j Highest Product jar package name opentest4j Highest Product Manifest build-revision 75136304fab712895090c9c4678dc72ccbcb5e21 Low Product file name opentest4j High Product Manifest Implementation-Title opentest4j High Product Manifest bundle-symbolicname org.opentest4j Medium Product pom url ota4j-team/opentest4j High Product pom groupid opentest4j Highest Product Manifest specification-title opentest4j Medium Version pom version 1.2.0 Highest Version Manifest Bundle-Version 1.2.0 High Version file version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High
postgresql-42.2.14.jarDescription:
PostgreSQL JDBC Driver Postgresql License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/jenkins/.mvnrepository/org/postgresql/postgresql/42.2.14/postgresql-42.2.14.jar
MD5: 79869645ab65d5ef28024fc96bb1ce28
SHA1: 45fa6eef266aa80024ef2ab3688d9faa38c642e5
SHA256: 48bbba05845b40bcce66ece3d7652153d27b5379d5ae90977b78eefd7c7a0287
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid postgresql Low Vendor pom organization name PostgreSQL Global Development Group High Vendor pom groupid postgresql Highest Vendor pom groupid org.postgresql Highest Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor jar package name driver Highest Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor jar package name jdbc Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor pom name PostgreSQL JDBC Driver High Vendor Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Vendor file name postgresql High Vendor jar package name postgresql Highest Vendor Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom url https://jdbc.postgresql.org Highest Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product pom groupid postgresql Highest Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product jar package name driver Highest Product jar package name jdbc Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product pom artifactid postgresql Highest Product jar package name osgi Highest Product pom name PostgreSQL JDBC Driver High Product jar package name version Highest Product pom organization name PostgreSQL Global Development Group Low Product Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Product file name postgresql High Product jar package name postgresql Highest Product pom url https://jdbc.postgresql.org Medium Product Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory" Low Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest specification-title JDBC Medium Product pom organization url https://jdbc.postgresql.org/ Low Version Manifest Implementation-Version 42.2.14 High Version pom version 42.2.14 Highest Version file version 42.2.14 High Version Manifest Bundle-Version 42.2.14 High
quarkus-arc-1.2.0.Final.jarDescription:
Build time CDI dependency injection File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-arc/1.2.0.Final/quarkus-arc-1.2.0.Final.jarMD5: de77bd4f237b2efcf13d7554829541e4SHA1: fcabaf0c5a861f5cd0980f22a6f435dcf29fc953SHA256: e93823a596983132117f966bda5f15c3f69f99f59ffdef3d0b2a4a154b9400fcReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc Low Vendor pom parent-artifactid quarkus-arc-parent Low Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name runtime Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom artifactid quarkus-arc Low Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor jar package name arc Highest Vendor pom name Quarkus - ArC - Runtime High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor file name quarkus-arc High Vendor pom groupid io.quarkus Highest Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc Low Product Manifest Implementation-Title Quarkus - ArC - Runtime High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product Manifest specification-title Quarkus - ArC - Runtime Medium Product pom artifactid quarkus-arc Highest Product jar package name runtime Highest Product jar package name arc Highest Product jar package name io Highest Product pom name Quarkus - ArC - Runtime High Product Manifest os-name Linux Medium Product file name quarkus-arc High Product pom parent-artifactid quarkus-arc-parent Medium Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
quarkus-core-1.2.0.Final.jarFile Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-core/1.2.0.Final/quarkus-core-1.2.0.Final.jarMD5: 995fbfc0f4271f21957f67ed13f3cd99SHA1: ffef221351007b5a644241ebfcc9fd938755b801SHA256: 3aaf703ac1f70a5dfb1e5d3eb9ead5d715ca208633dd95f9cfdc5b90883170daReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name quarkus-core High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor pom parent-artifactid quarkus-core-parent Low Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name runtime Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core Low Vendor pom artifactid quarkus-core Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom name Quarkus - Core - Runtime High Vendor pom groupid io.quarkus Highest Product pom artifactid quarkus-core Highest Product pom parent-artifactid quarkus-core-parent Medium Product file name quarkus-core High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product jar package name runtime Highest Product jar package name io Highest Product Manifest Implementation-Title Quarkus - Core - Runtime High Product Manifest specification-title Quarkus - Core - Runtime Medium Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core Low Product Manifest os-name Linux Medium Product pom name Quarkus - Core - Runtime High Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
quarkus-jackson-1.2.0.Final.jarDescription:
Jackson Databind support File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-jackson/1.2.0.Final/quarkus-jackson-1.2.0.Final.jarMD5: 25ef78d56d890aec97cffe91a5eae0c8SHA1: e90c574855ea58b882d1c5b7d1e7a48b689ffedaSHA256: 6efb762c51ef1858de941b24a0591b9c998ab20ecb53d237968e8784ba0a38e7Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid quarkus-jackson Low Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson Low Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor pom parent-artifactid quarkus-jackson-parent Low Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor file name quarkus-jackson High Vendor pom name Quarkus - Jackson - Runtime High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor jar package name jackson Highest Vendor pom groupid io.quarkus Highest Product pom parent-artifactid quarkus-jackson-parent Medium Product Manifest specification-title Quarkus - Jackson - Runtime Medium Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson Low Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product jar package name io Highest Product pom artifactid quarkus-jackson Highest Product file name quarkus-jackson High Product pom name Quarkus - Jackson - Runtime High Product Manifest Implementation-Title Quarkus - Jackson - Runtime High Product Manifest os-name Linux Medium Product jar package name jackson Highest Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
quarkus-kubernetes-client-1.2.0.Final.jarDescription:
Interact with Kubernetes and develop Kubernetes Operators File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-kubernetes-client/1.2.0.Final/quarkus-kubernetes-client-1.2.0.Final.jarMD5: 97a853c124da7945e41c4778a5eb7042SHA1: 40431f242fa7153056cf42b97769833ca99399c1SHA256: 3d61a02e62a1d205f22a47c515d52ee540ddf3b8ef45c6382591ecda9bdb062dReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name quarkus-kubernetes-client High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor jar package name kubernetes Highest Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name client Highest Vendor pom parent-artifactid quarkus-kubernetes-client-parent Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client Low Vendor pom name Quarkus - Kubernetes Client - Runtime High Vendor pom artifactid quarkus-kubernetes-client Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom groupid io.quarkus Highest Product pom artifactid quarkus-kubernetes-client Highest Product pom parent-artifactid quarkus-kubernetes-client-parent Medium Product file name quarkus-kubernetes-client High Product Manifest Implementation-Title Quarkus - Kubernetes Client - Runtime High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product Manifest specification-title Quarkus - Kubernetes Client - Runtime Medium Product jar package name kubernetes Highest Product jar package name client Highest Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client Low Product jar package name io Highest Product pom name Quarkus - Kubernetes Client - Runtime High Product Manifest os-name Linux Medium Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
reactive-streams-1.0.3.jarDescription:
A Protocol for Asynchronous Non-Blocking Data Sequence License:
CC0: http://creativecommons.org/publicdomain/zero/1.0/ File Path: /home/jenkins/.mvnrepository/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar
MD5: 69122b098fff1c6b1bf2cd3b355e7e03
SHA1: d9fb7a7926ffa635b3dcaa5049fb2bfa25b3e7d0
SHA256: 1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.reactivestreams Medium Vendor pom name reactive-streams High Vendor Manifest bundle-symbolicname org.reactivestreams.reactive-streams Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name reactivestreams Highest Vendor Manifest bundle-docurl http://reactive-streams.org Low Vendor pom groupid org.reactivestreams Highest Vendor pom groupid reactivestreams Highest Vendor pom url http://www.reactive-streams.org/ Highest Vendor file name reactive-streams High Vendor pom artifactid reactive-streams Low Product Manifest automatic-module-name org.reactivestreams Medium Product pom name reactive-streams High Product Manifest bundle-symbolicname org.reactivestreams.reactive-streams Medium Product Manifest Bundle-Name reactive-streams Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name reactivestreams Highest Product Manifest bundle-docurl http://reactive-streams.org Low Product pom artifactid reactive-streams Highest Product pom groupid reactivestreams Highest Product file name reactive-streams High Product pom url http://www.reactive-streams.org/ Medium Version file version 1.0.3 High Version pom version 1.0.3 Highest Version Manifest Bundle-Version 1.0.3 High
resteasy-client-3.15.0.Final.jarFile Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-client/3.15.0.Final/resteasy-client-3.15.0.Final.jarMD5: d29a786f1921d924f27025e29bbb4961SHA1: 8ac39445e8806bd82006877d1e987e303bb14efdSHA256: ddd4087c2d16fbcbd208b3fd2f3ced8e4def72018253cb0f149f47981074f11eReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor pom artifactid resteasy-client Low Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor jar package name client Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor jar package name jaxrs Highest Vendor pom name RESTEasy JAX-RS Client High Vendor Manifest implementation-url http://rest-easy.org/resteasy-client Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor file name resteasy-client High Vendor Manifest os-name Linux Medium Product Manifest specification-title RESTEasy JAX-RS Client Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product pom artifactid resteasy-client Highest Product jar package name jboss Highest Product jar package name client Highest Product Manifest Implementation-Title RESTEasy JAX-RS Client High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product jar package name jaxrs Highest Product pom name RESTEasy JAX-RS Client High Product Manifest implementation-url http://rest-easy.org/resteasy-client Low Product file name resteasy-client High Product Manifest os-name Linux Medium Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
resteasy-jackson2-provider-3.15.0.Final.jarFile Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jackson2-provider/3.15.0.Final/resteasy-jackson2-provider-3.15.0.Final.jarMD5: 12d04533eda2a68f6a0eafeb15c76b8fSHA1: 149e9ba330b467f1992c612fbc294298edb7a59fSHA256: ec21a99def3e4f49e509a482cef139402b1a25ae12e86ed724cc694da3f6a57aReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest implementation-url http://rest-easy.org/resteasy-jackson2-provider Low Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor jar package name jboss Highest Vendor pom artifactid resteasy-jackson2-provider Low Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor file name resteasy-jackson2-provider High Vendor Manifest os-name Linux Medium Vendor pom name RESTEasy Jackson 2 Provider High Product Manifest implementation-url http://rest-easy.org/resteasy-jackson2-provider Low Product pom parent-artifactid resteasy-jaxrs-all Medium Product Manifest specification-title RESTEasy Jackson 2 Provider Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product Manifest Implementation-Title RESTEasy Jackson 2 Provider High Product jar package name jboss Highest Product pom artifactid resteasy-jackson2-provider Highest Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product file name resteasy-jackson2-provider High Product Manifest os-name Linux Medium Product pom name RESTEasy Jackson 2 Provider High Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
resteasy-jaxb-provider-3.15.0.Final.jarFile Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxb-provider/3.15.0.Final/resteasy-jaxb-provider-3.15.0.Final.jarMD5: e9b168cca34f3dc197b04db792427469SHA1: cfea315075875de8fb54f833b72ec05b6c69b30dSHA256: 4ee1d651db94fb9f8207a3d0aa77a469c4a011be470d44cc43809a1c1e83e3e9Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor file name resteasy-jaxb-provider High Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://rest-easy.org/resteasy-jaxb-provider Low Vendor Manifest os-name Linux Medium Vendor pom artifactid resteasy-jaxb-provider Low Vendor pom name RESTEasy JAXB Provider High Product Manifest specification-title RESTEasy JAXB Provider Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product jar package name jboss Highest Product file name resteasy-jaxb-provider High Product Manifest Implementation-Title RESTEasy JAXB Provider High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product pom artifactid resteasy-jaxb-provider Highest Product Manifest implementation-url http://rest-easy.org/resteasy-jaxb-provider Low Product Manifest os-name Linux Medium Product pom name RESTEasy JAXB Provider High Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
resteasy-jaxrs-3.15.0.Final.jarFile Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxrs/3.15.0.Final/resteasy-jaxrs-3.15.0.Final.jarMD5: 0745397d0abe02d81e4bd73c40cb0b79SHA1: 3b74a65a99102ddd7e57b0ad2ab747c15a9aa571SHA256: deb50838eb19788b1e6ae15a181a6aafba770040f95ea3937e74c9d478ce74ceReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor pom name RESTEasy JAX-RS Implementation High Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor file name resteasy-jaxrs High Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor jar package name jaxrs Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://rest-easy.org/resteasy-jaxrs Low Vendor pom artifactid resteasy-jaxrs Low Vendor Manifest os-name Linux Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product pom name RESTEasy JAX-RS Implementation High Product jar package name jboss Highest Product file name resteasy-jaxrs High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product jar package name jaxrs Highest Product pom artifactid resteasy-jaxrs Highest Product Manifest implementation-url http://rest-easy.org/resteasy-jaxrs Low Product Manifest Implementation-Title RESTEasy JAX-RS Implementation High Product Manifest specification-title RESTEasy JAX-RS Implementation Medium Product Manifest os-name Linux Medium Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
resteasy-multipart-provider-3.15.0.Final.jarFile Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-multipart-provider/3.15.0.Final/resteasy-multipart-provider-3.15.0.Final.jarMD5: c442a9d90e994fd973394bb5fd6921afSHA1: 1517ad86cab1647866c594d9cc2103323ecb9e82SHA256: 30dd1f984ce5f7b751408b5badf7365485f400db6e802cb5c5bceba4aa01df82Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor pom name RESTEasy Multipart Provider High Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor file name resteasy-multipart-provider High Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest implementation-url http://rest-easy.org/resteasy-multipart-provider Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid resteasy-multipart-provider Low Vendor Manifest os-name Linux Medium Product pom name RESTEasy Multipart Provider High Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product file name resteasy-multipart-provider High Product jar package name jboss Highest Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product Manifest specification-title RESTEasy Multipart Provider Medium Product Manifest implementation-url http://rest-easy.org/resteasy-multipart-provider Low Product Manifest Implementation-Title RESTEasy Multipart Provider High Product Manifest os-name Linux Medium Product pom artifactid resteasy-multipart-provider Highest Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
slf4j-api-1.7.16.jarDescription:
The slf4j API File Path: /home/jenkins/.mvnrepository/org/slf4j/slf4j-api/1.7.16/slf4j-api-1.7.16.jarMD5: 88a2b365604915be96d5a472209f6a37SHA1: 3a6274f658487d5bfff9af3862beff6da1e7fd52SHA256: e56288031f5e60652c06e7bb6e9fa410a61231ab54890f7b708fc6adc4107c5bReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor file name slf4j-api High Vendor pom artifactid slf4j-api Low Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom parent-artifactid slf4j-parent Low Vendor pom groupid slf4j Highest Vendor pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product pom artifactid slf4j-api Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product file name slf4j-api High Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom url http://www.slf4j.org Medium Product pom name SLF4J API Module High Product jar package name slf4j Highest Product pom groupid slf4j Highest Product Manifest Bundle-Name slf4j-api Medium Version Manifest Implementation-Version 1.7.16 High Version Manifest Bundle-Version 1.7.16 High Version file version 1.7.16 High Version pom version 1.7.16 Highest
slf4j-jboss-logging-1.2.0.Final.jarDescription:
slf4j to JBoss Logging Adapter File Path: /home/jenkins/.mvnrepository/org/jboss/slf4j/slf4j-jboss-logging/1.2.0.Final/slf4j-jboss-logging-1.2.0.Final.jarMD5: 0eb1cd6c7ae4250d88767bb869550ddfSHA1: bff294c02b64ad6bf8af6e6994e186dc035e0a47SHA256: 15c573e27ee617c996a423da7ce75560a43663155a81158701342baca2faa0daReferenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.slf4j Highest Vendor pom name slf4j to JBoss Logging Adapter High Vendor Manifest os-arch amd64 Low Vendor pom parent-groupid org.jboss Medium Vendor jar package name jboss Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor file name slf4j-jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name slf4j Highest Vendor pom groupid org.jboss.slf4j Highest Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.slf4j Medium Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid jboss-parent Low Vendor pom url http://www.jboss.org Highest Vendor pom artifactid slf4j-jboss-logging Low Product pom groupid jboss.slf4j Highest Product pom name slf4j to JBoss Logging Adapter High Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Product jar package name jboss Highest Product file name slf4j-jboss-logging High Product Manifest Implementation-Title slf4j to JBoss Logging Adapter High Product Manifest specification-title slf4j to JBoss Logging Adapter Medium Product jar package name slf4j Highest Product pom parent-artifactid jboss-parent Medium Product Manifest implementation-url http://www.jboss.org Low Product pom artifactid slf4j-jboss-logging Highest Product Manifest os-name Linux Medium Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High Version pom parent-version 1.2.0.Final Low
smallrye-config-1.5.1.jarFile Path: /home/jenkins/.mvnrepository/io/smallrye/config/smallrye-config/1.5.1/smallrye-config-1.5.1.jarMD5: 1e37dc34ecc68f5605d45743dffd1c3dSHA1: 364701d3537a7738a5e6bf75fa0f967c705e2adcSHA256: 0a0cca7d455f9f8d11619f785feeaa616716a5d6e2dbee2e258d0c6eb8872783Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.smallrye.config Highest Vendor pom name SmallRye: MicroProfile Config Implementation High Vendor pom artifactid smallrye-config Low Vendor file name smallrye-config High Vendor pom parent-artifactid smallrye-config-parent Low Vendor jar package name config Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name smallrye Highest Vendor jar package name io Highest Product pom groupid io.smallrye.config Highest Product pom artifactid smallrye-config Highest Product pom name SmallRye: MicroProfile Config Implementation High Product pom parent-artifactid smallrye-config-parent Medium Product file name smallrye-config High Product jar package name config Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name smallrye Highest Product jar package name io Highest Version file version 1.5.1 High Version pom version 1.5.1 Highest
smallrye-config-common-1.5.1.jarFile Path: /home/jenkins/.mvnrepository/io/smallrye/config/smallrye-config-common/1.5.1/smallrye-config-common-1.5.1.jarMD5: 86f9fc5802e8903e554fd22c33dce0bcSHA1: a7455c6ce2c1d907c2e1b4c4e32226f6350d854cSHA256: 09f01bee7e435d99a028375ea656d7b749423f71bc7c56b867105ad006d6a091Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.smallrye.config Highest Vendor jar package name common Highest Vendor file name smallrye-config-common High Vendor pom parent-artifactid smallrye-config-parent Low Vendor jar package name config Highest Vendor pom name SmallRye: Common classes High Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name smallrye Highest Vendor jar package name io Highest Vendor pom artifactid smallrye-config-common Low Product pom groupid io.smallrye.config Highest Product jar package name common Highest Product pom parent-artifactid smallrye-config-parent Medium Product pom artifactid smallrye-config-common Highest Product file name smallrye-config-common High Product jar package name config Highest Product pom name SmallRye: Common classes High Product Manifest build-jdk-spec 1.8 Low Product jar package name smallrye Highest Product jar package name io Highest Version file version 1.5.1 High Version pom version 1.5.1 Highest
snakeyaml-1.27.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/org/yaml/snakeyaml/1.27/snakeyaml-1.27.jar
MD5: 466ff09da784f9f21b2e6bf3b486a8cd
SHA1: 359d62567480b07a679dc643f82fc926b100eed5
SHA256: 7e7cce6740ed705bfdfaac7b442c1375d2986d2f2935936a5bd40c14e18fd736
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name yaml Highest Vendor jar package name snakeyaml Highest Vendor file name snakeyaml High Vendor pom url http://www.snakeyaml.org Highest Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor jar package name parser Highest Vendor pom groupid yaml Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom name SnakeYAML High Vendor pom artifactid snakeyaml Low Vendor Manifest automatic-module-name org.yaml.snakeyaml Medium Vendor jar package name emitter Highest Vendor pom groupid org.yaml Highest Product Manifest Bundle-Name SnakeYAML Medium Product jar package name yaml Highest Product jar package name snakeyaml Highest Product file name snakeyaml High Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product jar package name parser Highest Product pom groupid yaml Highest Product pom url http://www.snakeyaml.org Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom name SnakeYAML High Product Manifest automatic-module-name org.yaml.snakeyaml Medium Product jar package name emitter Highest Product pom artifactid snakeyaml Highest Version file version 1.27 High Version pom version 1.27 Highest
txw2-2.3.3-b01.jarDescription:
TXW is a library that allows you to write XML documents.
File Path: /home/jenkins/.mvnrepository/org/glassfish/jaxb/txw2/2.3.3-b01/txw2-2.3.3-b01.jarMD5: 4e7db62b457d1876874d46956e0a9ff4SHA1: 4679019bd1f908a792a07ef9db542cf37759367eSHA256: d0de4c8f2ab610409c6659f44d7962200306ef9a6e9cb96a611ccf1e683a9f36Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name sun Highest Vendor pom groupid glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor jar package name txw Highest Vendor pom parent-artifactid jaxb-txw-parent Low Vendor Manifest build-jdk-spec 11 Low Vendor file name txw2 High Vendor Manifest git-revision 7d3cd30 Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor jar (hint) package name oracle Highest Vendor jar package name xml Highest Vendor jar package name txw2 Highest Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor pom groupid org.glassfish.jaxb Highest Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom artifactid txw2 Low Product jar package name sun Highest Product pom groupid glassfish.jaxb Highest Product pom name TXW2 Runtime High Product jar package name txw Highest Product Manifest specification-title Jakarta XML Binding Medium Product Manifest build-jdk-spec 11 Low Product file name txw2 High Product Manifest git-revision 7d3cd30 Low Product Manifest Implementation-Title Jakarta XML Binding Implementation High Product pom parent-groupid com.sun.xml.bind.mvn Medium Product jar package name xml Highest Product jar package name txw2 Highest Product pom artifactid txw2 Highest Product pom parent-artifactid jaxb-txw-parent Medium Version pom version 2.3.3-b01 Highest Version Manifest Implementation-Version 2.3.3-b01 High Version Manifest build-id 2.3.3-b01 Medium
wildfly-common-1.5.0.Final-format-001.jarLicense:
Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt File Path: /home/jenkins/.mvnrepository/org/wildfly/common/wildfly-common/1.5.0.Final-format-001/wildfly-common-1.5.0.Final-format-001.jar
MD5: 8da4ec4b383b3b133ba05d7c763dd8bf
SHA1: 2ede1a86b07475cf0657288e0c5dd1e5e47d12da
SHA256: 150e6c8c4b588e50570051151b16e10f99cb771527e563e4958bbd6649c27a9c
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor jar package name wildfly Highest Vendor pom groupid wildfly.common Highest Vendor jar package name common Highest Vendor jar package name org Highest Vendor Manifest os-arch amd64 Low Vendor pom parent-groupid org.jboss Medium Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest implementation-url http://www.jboss.org/wildfly-common Low Vendor hint analyzer vendor redhat Highest Vendor pom groupid org.wildfly.common Highest Vendor file name wildfly-common High Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest multi-release true Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor Manifest Implementation-Vendor-Id org.wildfly.common Medium Vendor pom parent-artifactid jboss-parent-mr-jar Low Vendor pom artifactid wildfly-common Low Product jar package name wildfly Highest Product pom groupid wildfly.common Highest Product jar package name common Highest Product jar package name org Highest Product Manifest os-arch amd64 Low Product pom parent-groupid org.jboss Medium Product Manifest implementation-url http://www.jboss.org/wildfly-common Low Product file name wildfly-common High Product Manifest multi-release true Low Product Manifest specification-title wildfly-common Medium Product Manifest Implementation-Title wildfly-common High Product pom parent-artifactid jboss-parent-mr-jar Medium Product pom artifactid wildfly-common Highest Product Manifest os-name Linux Medium Version Manifest Implementation-Version 1.5.0.Final-format-001 High Version pom version 1.5.0.Final-format-001 Highest Version pom parent-version 1.5.0.Final-format-001 Low
zjsonpatch-0.3.0.jarDescription:
Java Library to find / apply JSON Patches according to RFC 6902 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/io/fabric8/zjsonpatch/0.3.0/zjsonpatch-0.3.0.jar
MD5: c47f98189f594bd86ccbf40c5391b600
SHA1: d3ebf0f291297649b4c8dc3ecc81d2eddedc100d
SHA256: ae4e5e931646a25cb09b55186de4f3346e358e01130bef279ddf495a719c71d5
Referenced In Project/Scope: Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile
Evidence Type Source Name Value Confidence Vendor file name zjsonpatch High Vendor jar package name zjsonpatch Highest Vendor jar package name fabric8 Highest Vendor Manifest os-arch amd64 Low Vendor pom url fabric8io/zjsonpatch/ Highest Vendor Manifest implementation-url https://github.com/fabric8io/zjsonpatch/ Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor jar package name io Highest Vendor pom artifactid zjsonpatch Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest Implementation-Vendor-Id io.fabric8 Medium Vendor Manifest os-name Linux Medium Vendor Manifest build-timestamp ${build.datetime} Low Vendor pom name zjsonpatch High Vendor pom groupid io.fabric8 Highest Vendor Manifest bundle-symbolicname io.fabric8.zjsonpatch Medium Product file name zjsonpatch High Product pom artifactid zjsonpatch Highest Product Manifest specification-title zjsonpatch Medium Product jar package name zjsonpatch Highest Product jar package name fabric8 Highest Product Manifest Bundle-Name zjsonpatch Medium Product Manifest os-arch amd64 Low Product Manifest implementation-url https://github.com/fabric8io/zjsonpatch/ Low Product Manifest Implementation-Title zjsonpatch High Product jar package name io Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest os-name Linux Medium Product pom url fabric8io/zjsonpatch/ High Product Manifest build-timestamp ${build.datetime} Low Product pom name zjsonpatch High Product Manifest bundle-symbolicname io.fabric8.zjsonpatch Medium Product pom groupid io.fabric8 Highest Version pom version 0.3.0 Highest Version Manifest Bundle-Version 0.3.0 High Version Manifest Implementation-Version 0.3.0 High Version file version 0.3.0 High
Suppressed Vulnerabilities arc-1.2.0.Final.jar File Path: /home/jenkins/.mvnrepository/io/quarkus/arc/arc/1.2.0.Final/arc-1.2.0.Final.jarMD5: 407b54e2c412dfa51b8dc739149def9eSHA1: 8ca3834e147a87ef27da11abcbf4da73fa3f4e7fSHA256: 2b86becbf25944307b5b6b442b749d6a79dbd206afc338ab776183d332d2007e
Evidence Type Source Name Value Confidence Vendor file name arc High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom groupid io.quarkus.arc Highest Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor jar package name arc Highest Vendor Manifest Implementation-Vendor-Id io.quarkus.arc Medium Vendor pom artifactid arc Low Vendor Manifest implementation-url http://www.jboss.org/arc-parent/arc Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom name ArC - Runtime High Vendor pom parent-artifactid arc-parent Low Vendor Manifest os-name Linux Medium Product pom parent-artifactid arc-parent Medium Product pom artifactid arc Highest Product file name arc High Product Manifest os-arch amd64 Low Product jar package name quarkus Highest Product pom groupid io.quarkus.arc Highest Product jar package name arc Highest Product jar package name io Highest Product Manifest implementation-url http://www.jboss.org/arc-parent/arc Low Product Manifest Implementation-Title ArC - Runtime High Product Manifest specification-title ArC - Runtime Medium Product pom name ArC - Runtime High Product Manifest os-name Linux Medium Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
Suppressed Vulnerabilities CVE-2017-18640 suppressed
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppressed
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-10693 suppressed
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13692 suppressed
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.7) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13956 suppressed
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25638 suppressed
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
HIGH (7.4) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25649 suppressed
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppressed
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
LOW (3.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
entando-k8s-custom-model-6.3.4.jar Description:
Entando's Kubernetes Custom Resources License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-custom-model/6.3.4/entando-k8s-custom-model-6.3.4.jar
MD5: c744809d5012ba2e91767c76349709bd
SHA1: d40dc798900cb12eb1275bca1ce755a59a3aa09d
SHA256: d77e0ec0f4eb5707ebf3668bee92afeefed142b80506ba90f59e566a55002c94
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build 6.3.4 Low Vendor pom organization name Entando Inc. High Vendor Manifest build-jdk-spec 11 Low Vendor file name entando-k8s-custom-model High Vendor jar package name kubernetes Highest Vendor jar package name entando Highest Vendor Manifest Implementation-Vendor Entando Inc. High Vendor jar package name model Highest Vendor pom url https://central.entando.com Highest Vendor pom groupid org.entando Highest Vendor pom artifactid entando-k8s-custom-model Low Vendor pom organization url http://www.entando.com/ Medium Vendor pom groupid entando Highest Vendor pom parent-groupid org.entando Medium Vendor pom parent-artifactid entando-quarkus-parent Low Vendor pom name Entando Kubernetes Custom Model High Product Manifest implementation-build 6.3.4 Low Product Manifest Implementation-Title Entando Kubernetes Custom Model High Product Manifest build-jdk-spec 11 Low Product file name entando-k8s-custom-model High Product jar package name kubernetes Highest Product jar package name entando Highest Product jar package name model Highest Product pom organization url http://www.entando.com/ Low Product pom parent-artifactid entando-quarkus-parent Medium Product pom organization name Entando Inc. Low Product pom artifactid entando-k8s-custom-model Highest Product pom groupid entando Highest Product pom parent-groupid org.entando Medium Product pom name Entando Kubernetes Custom Model High Product pom url https://central.entando.com Medium Version file version 6.3.4 High Version Manifest implementation-build 6.3.4 Low Version pom parent-version 6.3.4 Low Version pom version 6.3.4 Highest Version Manifest Implementation-Version 6.3.4 High
cpe:2.3:a:kubernetes:kubernetes:6.3.4:*:*:*:*:*:*:* suppressed (Confidence :Low)Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs Suppressed Vulnerabilities CVE-2020-8554 suppressed
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
MEDIUM (5.0) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
keycloak-admin-client-9.0.3.jar File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-admin-client/9.0.3/keycloak-admin-client-9.0.3.jarMD5: 61a28fd1ca633bbee49d099f65d65862SHA1: d7f19c2de49e6aa201951a7845d5f8e24973097aSHA256: 5d16705f1f739499769e8ab7cb88b76030431f1f06e0e562442434156b8c359d
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor pom name Keycloak Admin REST Client High Vendor jar package name keycloak Highest Vendor pom artifactid keycloak-admin-client Low Vendor Manifest os-arch amd64 Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor jar package name client Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom parent-artifactid keycloak-integration-parent Low Vendor jar package name admin Highest Vendor pom parent-groupid org.keycloak Medium Vendor file name keycloak-admin-client High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://keycloak.org/keycloak-integration-parent/keycloak-admin-client Low Vendor Manifest os-name Linux Medium Product pom name Keycloak Admin REST Client High Product jar package name keycloak Highest Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-integration-parent Medium Product pom groupid keycloak Highest Product pom artifactid keycloak-admin-client Highest Product jar package name client Highest Product jar package name admin Highest Product pom parent-groupid org.keycloak Medium Product file name keycloak-admin-client High Product Manifest implementation-url http://keycloak.org/keycloak-integration-parent/keycloak-admin-client Low Product Manifest os-name Linux Medium Product Manifest Implementation-Title Keycloak Admin REST Client High Product Manifest specification-title Keycloak Admin REST Client Medium Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
Suppressed Vulnerabilities CVE-2020-10758 suppressed
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. CWE-770 Allocation of Resources Without Limits or Throttling
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-10770 suppressed
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-10776 suppressed
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.8) CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-14302 suppressed
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. CWE-294 Authentication Bypass by Capture-replay
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-14359 suppressed
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. CWE-305 Authentication Bypass by Primary Weakness
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2020-14366 suppressed
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-14389 suppressed
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. CWE-269 Improper Privilege Management
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
HIGH (8.1) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-1694 suppressed
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1725 suppressed
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. CWE-863 Incorrect Authorization
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1758 suppressed
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. CWE-295 Improper Certificate Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.9) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-27838 suppressed
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. CWE-287 Improper Authentication
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
keycloak-common-9.0.3.jar Description:
Common library and dependencies shared with server and all adapters License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-common/9.0.3/keycloak-common-9.0.3.jar
MD5: 904371bebd3b8d8944e7793087a95357
SHA1: 75406689a282c91c52b258167ec1d1d8d902348e
SHA256: 979f8b1c9db5ca8dbb5aa2eac73920e640e575f3090a926c85d29025b458c0ee
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor file name keycloak-common High Vendor jar package name common Highest Vendor jar package name keycloak Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor Manifest implementation-url http://keycloak.org/keycloak-common Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid keycloak-common Low Vendor pom name Keycloak Common High Vendor pom parent-groupid org.keycloak Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest bundle-symbolicname org.keycloak.keycloak-common Medium Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid keycloak-parent Low Product Manifest specification-title Keycloak Common Medium Product Manifest bundle-docurl http://www.jboss.org Low Product file name keycloak-common High Product jar package name common Highest Product Manifest Implementation-Title Keycloak Common High Product jar package name keycloak Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid keycloak-common Highest Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-parent Medium Product Manifest implementation-url http://keycloak.org/keycloak-common Low Product pom groupid keycloak Highest Product Manifest Bundle-Name Keycloak Common Medium Product pom name Keycloak Common High Product pom parent-groupid org.keycloak Medium Product Manifest bundle-symbolicname org.keycloak.keycloak-common Medium Product Manifest os-name Linux Medium Version Manifest Bundle-Version 9.0.3 High Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
Suppressed Vulnerabilities CVE-2020-10758 suppressed
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. CWE-770 Allocation of Resources Without Limits or Throttling
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-10770 suppressed
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-10776 suppressed
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.8) CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-14302 suppressed
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. CWE-294 Authentication Bypass by Capture-replay
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-14359 suppressed
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. CWE-305 Authentication Bypass by Primary Weakness
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2020-14366 suppressed
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-14389 suppressed
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. CWE-269 Improper Privilege Management
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
HIGH (8.1) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-1694 suppressed
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1725 suppressed
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. CWE-863 Incorrect Authorization
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1758 suppressed
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. CWE-295 Improper Certificate Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.9) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-27838 suppressed
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. CWE-287 Improper Authentication
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
keycloak-core-9.0.3.jar License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-core/9.0.3/keycloak-core-9.0.3.jar
MD5: cbfe7dce03d6484b9484fe001f2c9bdb
SHA1: 25064b55a0323c359ab3b3794b2bc656ccb47571
SHA256: a276663e6902c820f3484a18dabb2a9e1094be1306defd9a3a36d11e0ec6d007
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.keycloak Medium Vendor Manifest implementation-url http://keycloak.org/keycloak-core Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom name Keycloak Core High Vendor jar package name keycloak Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor pom artifactid keycloak-core Low Vendor pom groupid keycloak Highest Vendor pom groupid org.keycloak Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom parent-groupid org.keycloak Medium Vendor file name keycloak-core High Vendor Manifest bundle-symbolicname org.keycloak.keycloak-core Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom parent-artifactid keycloak-parent Low Product Manifest implementation-url http://keycloak.org/keycloak-core Low Product Manifest bundle-docurl http://www.jboss.org Low Product pom name Keycloak Core High Product jar package name keycloak Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest os-arch amd64 Low Product pom parent-artifactid keycloak-parent Medium Product pom groupid keycloak Highest Product Manifest specification-title Keycloak Core Medium Product Manifest Bundle-Name Keycloak Core Medium Product Manifest Implementation-Title Keycloak Core High Product pom parent-groupid org.keycloak Medium Product file name keycloak-core High Product Manifest bundle-symbolicname org.keycloak.keycloak-core Medium Product pom artifactid keycloak-core Highest Product Manifest os-name Linux Medium Version Manifest Bundle-Version 9.0.3 High Version Manifest Implementation-Version 9.0.3 High Version file version 9.0.3 High Version pom version 9.0.3 Highest
Suppressed Vulnerabilities CVE-2020-10758 suppressed
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. CWE-770 Allocation of Resources Without Limits or Throttling
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-10770 suppressed
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-10776 suppressed
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.8) CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-14302 suppressed
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. CWE-294 Authentication Bypass by Capture-replay
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-14359 suppressed
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. CWE-305 Authentication Bypass by Primary Weakness
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2020-14366 suppressed
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-14389 suppressed
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. CWE-269 Improper Privilege Management
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
HIGH (8.1) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-1694 suppressed
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (4.9) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1725 suppressed
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. CWE-863 Incorrect Authorization
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1758 suppressed
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. CWE-295 Improper Certificate Validation
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.9) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-27838 suppressed
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. CWE-287 Improper Authentication
Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as
background processes that do not expose services.
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
kubernetes-client-4.7.0.jar File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-client/4.7.0/kubernetes-client-4.7.0.jarMD5: 1d356d064e8186b15903298b43e6be1dSHA1: 12547e58b775e415157315048224be39e3944afaSHA256: b30d0b9908d4e3f9f6a050d05e568de892f9616de4fecdac131fde3e246bf3c7
Evidence Type Source Name Value Confidence Vendor jar package name fabric8 Highest Vendor pom parent-artifactid kubernetes-client-project Low Vendor jar package name kubernetes Highest Vendor pom name Fabric8 :: Kubernetes :: Java Client High Vendor pom artifactid kubernetes-client Low Vendor file name kubernetes-client High Vendor jar package name client Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom groupid io.fabric8 Highest Vendor jar package name io Highest Product jar package name fabric8 Highest Product pom parent-artifactid kubernetes-client-project Medium Product pom artifactid kubernetes-client Highest Product jar package name kubernetes Highest Product pom name Fabric8 :: Kubernetes :: Java Client High Product file name kubernetes-client High Product jar package name client Highest Product Manifest build-jdk-spec 1.8 Low Product pom groupid io.fabric8 Highest Product jar package name io Highest Version pom version 4.7.0 Highest Version file version 4.7.0 High
Suppressed Vulnerabilities CVE-2020-8554 suppressed
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
MEDIUM (5.0) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2020-8570 suppressed
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
kubernetes-model-4.7.0.jar Description:
Java client for Kubernetes and OpenShift License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model/4.7.0/kubernetes-model-4.7.0.jar
MD5: 87609db8395ebd5136763394a11eb8fc
SHA1: cf4831621a7f61deb5e87c9390ef7b970f16d909
SHA256: 1ecfcd2bfd4ddfe457723af295ef5ec7231f02aafb9c8799fa7fb73d446411fe
Evidence Type Source Name Value Confidence Vendor pom name Fabric8 :: Kubernetes Model High Vendor jar package name fabric8 Highest Vendor Manifest os-arch amd64 Low Vendor jar package name kubernetes Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name kubernetes-model High Vendor Manifest bundle-docurl http://redhat.com Low Vendor Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model/ Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor jar package name io Highest Vendor Manifest Implementation-Vendor Red Hat High Vendor Manifest bundle-symbolicname io.fabric8.kubernetes-model Medium Vendor Manifest Implementation-Vendor-Id io.fabric8 Medium Vendor pom parent-artifactid kubernetes-model-generator Low Vendor pom artifactid kubernetes-model Low Vendor Manifest os-name Linux Medium Vendor Manifest build-timestamp ${build.datetime} Low Vendor Manifest specification-vendor Red Hat Low Vendor pom groupid io.fabric8 Highest Product pom name Fabric8 :: Kubernetes Model High Product jar package name fabric8 Highest Product Manifest os-arch amd64 Low Product jar package name kubernetes Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name kubernetes-model High Product Manifest bundle-docurl http://redhat.com Low Product Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model/ Low Product jar package name io Highest Product Manifest Implementation-Title Fabric8 :: Kubernetes Model High Product Manifest Bundle-Name Fabric8 :: Kubernetes Model Medium Product Manifest bundle-symbolicname io.fabric8.kubernetes-model Medium Product Manifest specification-title Fabric8 :: Kubernetes Model Medium Product jar package name openshift Highest Product pom artifactid kubernetes-model Highest Product Manifest os-name Linux Medium Product Manifest build-timestamp ${build.datetime} Low Product pom groupid io.fabric8 Highest Product pom parent-artifactid kubernetes-model-generator Medium Version pom version 4.7.0 Highest Version file version 4.7.0 High Version Manifest Bundle-Version 4.7.0 High Version Manifest Implementation-Version 4.7.0 High
Suppressed Vulnerabilities CVE-2020-8570 suppressed
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
kubernetes-model-common-4.7.0.jar File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model-common/4.7.0/kubernetes-model-common-4.7.0.jarMD5: 1845c2fd17622c1f9980ddbf3183e84eSHA1: 38e88a4bdf0d4a77089927494aa60358b8b66455SHA256: b5bdb86d95feba870016a67304f822a26112db7c30eb4bc656ef502a44a660f3
Evidence Type Source Name Value Confidence Vendor pom name Fabric8 :: Kubernetes Model :: Common High Vendor jar package name fabric8 Highest Vendor Manifest os-arch amd64 Low Vendor file name kubernetes-model-common High Vendor jar package name kubernetes Highest Vendor Manifest build-timestamp Wed, 8 Jan 2020 13:20:45 +0000 Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name model Highest Vendor Manifest Implementation-Vendor Red Hat High Vendor jar package name io Highest Vendor Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/ Low Vendor pom parent-artifactid kubernetes-model-generator Low Vendor pom artifactid kubernetes-model-common Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor Red Hat Low Vendor pom groupid io.fabric8 Highest Product pom name Fabric8 :: Kubernetes Model :: Common High Product jar package name fabric8 Highest Product Manifest os-arch amd64 Low Product file name kubernetes-model-common High Product jar package name kubernetes Highest Product Manifest build-timestamp Wed, 8 Jan 2020 13:20:45 +0000 Low Product jar package name model Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Fabric8 :: Kubernetes Model :: Common High Product Manifest specification-title Fabric8 :: Kubernetes Model :: Common Medium Product jar package name io Highest Product Manifest implementation-url http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/ Low Product pom artifactid kubernetes-model-common Highest Product Manifest os-name Linux Medium Product pom groupid io.fabric8 Highest Product pom parent-artifactid kubernetes-model-generator Medium Version pom version 4.7.0 Highest Version file version 4.7.0 High Version Manifest Implementation-Version 4.7.0 High
Suppressed Vulnerabilities CVE-2020-8554 suppressed
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
MEDIUM (5.0) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
quarkus-arc-1.2.0.Final.jar Description:
Build time CDI dependency injection File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-arc/1.2.0.Final/quarkus-arc-1.2.0.Final.jarMD5: de77bd4f237b2efcf13d7554829541e4SHA1: fcabaf0c5a861f5cd0980f22a6f435dcf29fc953SHA256: e93823a596983132117f966bda5f15c3f69f99f59ffdef3d0b2a4a154b9400fc
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc Low Vendor pom parent-artifactid quarkus-arc-parent Low Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name runtime Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom artifactid quarkus-arc Low Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor jar package name arc Highest Vendor pom name Quarkus - ArC - Runtime High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor file name quarkus-arc High Vendor pom groupid io.quarkus Highest Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc Low Product Manifest Implementation-Title Quarkus - ArC - Runtime High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product Manifest specification-title Quarkus - ArC - Runtime Medium Product pom artifactid quarkus-arc Highest Product jar package name runtime Highest Product jar package name arc Highest Product jar package name io Highest Product pom name Quarkus - ArC - Runtime High Product Manifest os-name Linux Medium Product file name quarkus-arc High Product pom parent-artifactid quarkus-arc-parent Medium Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
Suppressed Vulnerabilities CVE-2017-18640 suppressed
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppressed
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-10693 suppressed
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13692 suppressed
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.7) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13956 suppressed
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25638 suppressed
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
HIGH (7.4) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25649 suppressed
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppressed
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
LOW (3.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
quarkus-core-1.2.0.Final.jar File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-core/1.2.0.Final/quarkus-core-1.2.0.Final.jarMD5: 995fbfc0f4271f21957f67ed13f3cd99SHA1: ffef221351007b5a644241ebfcc9fd938755b801SHA256: 3aaf703ac1f70a5dfb1e5d3eb9ead5d715ca208633dd95f9cfdc5b90883170da
Evidence Type Source Name Value Confidence Vendor file name quarkus-core High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor pom parent-artifactid quarkus-core-parent Low Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name runtime Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core Low Vendor pom artifactid quarkus-core Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom name Quarkus - Core - Runtime High Vendor pom groupid io.quarkus Highest Product pom artifactid quarkus-core Highest Product pom parent-artifactid quarkus-core-parent Medium Product file name quarkus-core High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product jar package name runtime Highest Product jar package name io Highest Product Manifest Implementation-Title Quarkus - Core - Runtime High Product Manifest specification-title Quarkus - Core - Runtime Medium Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core Low Product Manifest os-name Linux Medium Product pom name Quarkus - Core - Runtime High Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
Suppressed Vulnerabilities CVE-2017-18640 suppressed
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppressed
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-10693 suppressed
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13692 suppressed
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.7) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13956 suppressed
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25638 suppressed
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
HIGH (7.4) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25649 suppressed
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppressed
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
LOW (3.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
quarkus-jackson-1.2.0.Final.jar Description:
Jackson Databind support File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-jackson/1.2.0.Final/quarkus-jackson-1.2.0.Final.jarMD5: 25ef78d56d890aec97cffe91a5eae0c8SHA1: e90c574855ea58b882d1c5b7d1e7a48b689ffedaSHA256: 6efb762c51ef1858de941b24a0591b9c998ab20ecb53d237968e8784ba0a38e7
Evidence Type Source Name Value Confidence Vendor pom artifactid quarkus-jackson Low Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson Low Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor pom parent-artifactid quarkus-jackson-parent Low Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor file name quarkus-jackson High Vendor pom name Quarkus - Jackson - Runtime High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor jar package name jackson Highest Vendor pom groupid io.quarkus Highest Product pom parent-artifactid quarkus-jackson-parent Medium Product Manifest specification-title Quarkus - Jackson - Runtime Medium Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson Low Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product jar package name io Highest Product pom artifactid quarkus-jackson Highest Product file name quarkus-jackson High Product pom name Quarkus - Jackson - Runtime High Product Manifest Implementation-Title Quarkus - Jackson - Runtime High Product Manifest os-name Linux Medium Product jar package name jackson Highest Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
Suppressed Vulnerabilities CVE-2017-18640 suppressed
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppressed
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-10693 suppressed
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13692 suppressed
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.7) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13956 suppressed
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25638 suppressed
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
HIGH (7.4) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25649 suppressed
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppressed
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
LOW (3.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
quarkus-kubernetes-client-1.2.0.Final.jar Description:
Interact with Kubernetes and develop Kubernetes Operators File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-kubernetes-client/1.2.0.Final/quarkus-kubernetes-client-1.2.0.Final.jarMD5: 97a853c124da7945e41c4778a5eb7042SHA1: 40431f242fa7153056cf42b97769833ca99399c1SHA256: 3d61a02e62a1d205f22a47c515d52ee540ddf3b8ef45c6382591ecda9bdb062d
Evidence Type Source Name Value Confidence Vendor file name quarkus-kubernetes-client High Vendor Manifest os-arch amd64 Low Vendor jar package name quarkus Highest Vendor jar package name kubernetes Highest Vendor Manifest Implementation-Vendor-Id io.quarkus Medium Vendor jar package name client Highest Vendor pom parent-artifactid quarkus-kubernetes-client-parent Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor jar package name io Highest Vendor Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client Low Vendor pom name Quarkus - Kubernetes Client - Runtime High Vendor pom artifactid quarkus-kubernetes-client Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest os-name Linux Medium Vendor pom groupid io.quarkus Highest Product pom artifactid quarkus-kubernetes-client Highest Product pom parent-artifactid quarkus-kubernetes-client-parent Medium Product file name quarkus-kubernetes-client High Product Manifest Implementation-Title Quarkus - Kubernetes Client - Runtime High Product jar package name quarkus Highest Product Manifest os-arch amd64 Low Product Manifest specification-title Quarkus - Kubernetes Client - Runtime Medium Product jar package name kubernetes Highest Product jar package name client Highest Product Manifest implementation-url http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client Low Product jar package name io Highest Product pom name Quarkus - Kubernetes Client - Runtime High Product Manifest os-name Linux Medium Product pom groupid io.quarkus Highest Version pom version 1.2.0.Final Highest Version Manifest Implementation-Version 1.2.0.Final High
cpe:2.3:a:kubernetes:kubernetes:1.2.0:*:*:*:*:*:*:* suppressed (Confidence :Highest)Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities Suppressed Vulnerabilities CVE-2015-7528 suppressed
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-18640 suppressed
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1002105 suppressed
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. CWE-388
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
CRITICAL (9.8) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-1002100 suppressed
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
MEDIUM (6.5) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-11246 suppressed
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-11248 suppressed
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. CWE-862 Missing Authorization
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P CVSSv3:
HIGH (8.2) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L References:
Vulnerable Software & Versions: (show all )
CVE-2019-11249 suppressed
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-11250 suppressed
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. CWE-532 Information Exposure Through Log Files
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-11252 suppressed
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. CWE-209 Information Exposure Through an Error Message
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2019-11253 suppressed
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-11254 suppressed
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-14900 suppressed
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.5) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-9946 suppressed
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. CWE-670 Always-Incorrect Control Flow Implementation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-10693 suppressed
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-13692 suppressed
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (7.7) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13956 suppressed
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1714 suppressed
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. CWE-20 Improper Input Validation
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-1728 suppressed
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
MEDIUM (5.4) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25638 suppressed
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
HIGH (7.4) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-25649 suppressed
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
HIGH (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8552 suppressed
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
MEDIUM (4.3) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions: (show all )
CVE-2020-8554 suppressed
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
MEDIUM (5.0) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2020-8555 suppressed
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N CVSSv3:
MEDIUM (6.3) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-8557 suppressed
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
MEDIUM (5.5) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-8558 suppressed
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:A/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
HIGH (8.8) CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-8563 suppressed
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. CWE-532 Information Exposure Through Log Files
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.5) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2020-8908 suppressed
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow
this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to
later versions of the K8S to avoid these vulnerabilities
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
LOW (3.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
resteasy-client-3.15.0.Final.jar File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-client/3.15.0.Final/resteasy-client-3.15.0.Final.jarMD5: d29a786f1921d924f27025e29bbb4961SHA1: 8ac39445e8806bd82006877d1e987e303bb14efdSHA256: ddd4087c2d16fbcbd208b3fd2f3ced8e4def72018253cb0f149f47981074f11e
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor pom artifactid resteasy-client Low Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor jar package name client Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor jar package name jaxrs Highest Vendor pom name RESTEasy JAX-RS Client High Vendor Manifest implementation-url http://rest-easy.org/resteasy-client Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor file name resteasy-client High Vendor Manifest os-name Linux Medium Product Manifest specification-title RESTEasy JAX-RS Client Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product pom artifactid resteasy-client Highest Product jar package name jboss Highest Product jar package name client Highest Product Manifest Implementation-Title RESTEasy JAX-RS Client High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product jar package name jaxrs Highest Product pom name RESTEasy JAX-RS Client High Product Manifest implementation-url http://rest-easy.org/resteasy-client Low Product file name resteasy-client High Product Manifest os-name Linux Medium Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
Suppressed Vulnerabilities CVE-2021-20289 suppressed
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. CWE-209 Information Exposure Through an Error Message
Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the
server is updated.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
resteasy-jackson2-provider-3.15.0.Final.jar File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jackson2-provider/3.15.0.Final/resteasy-jackson2-provider-3.15.0.Final.jarMD5: 12d04533eda2a68f6a0eafeb15c76b8fSHA1: 149e9ba330b467f1992c612fbc294298edb7a59fSHA256: ec21a99def3e4f49e509a482cef139402b1a25ae12e86ed724cc694da3f6a57a
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest implementation-url http://rest-easy.org/resteasy-jackson2-provider Low Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor jar package name jboss Highest Vendor pom artifactid resteasy-jackson2-provider Low Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor file name resteasy-jackson2-provider High Vendor Manifest os-name Linux Medium Vendor pom name RESTEasy Jackson 2 Provider High Product Manifest implementation-url http://rest-easy.org/resteasy-jackson2-provider Low Product pom parent-artifactid resteasy-jaxrs-all Medium Product Manifest specification-title RESTEasy Jackson 2 Provider Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product Manifest Implementation-Title RESTEasy Jackson 2 Provider High Product jar package name jboss Highest Product pom artifactid resteasy-jackson2-provider Highest Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product file name resteasy-jackson2-provider High Product Manifest os-name Linux Medium Product pom name RESTEasy Jackson 2 Provider High Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
Suppressed Vulnerabilities CVE-2021-20289 suppressed
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. CWE-209 Information Exposure Through an Error Message
Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the
server is updated.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
resteasy-jaxb-provider-3.15.0.Final.jar File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxb-provider/3.15.0.Final/resteasy-jaxb-provider-3.15.0.Final.jarMD5: e9b168cca34f3dc197b04db792427469SHA1: cfea315075875de8fb54f833b72ec05b6c69b30dSHA256: 4ee1d651db94fb9f8207a3d0aa77a469c4a011be470d44cc43809a1c1e83e3e9
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor file name resteasy-jaxb-provider High Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://rest-easy.org/resteasy-jaxb-provider Low Vendor Manifest os-name Linux Medium Vendor pom artifactid resteasy-jaxb-provider Low Vendor pom name RESTEasy JAXB Provider High Product Manifest specification-title RESTEasy JAXB Provider Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product jar package name jboss Highest Product file name resteasy-jaxb-provider High Product Manifest Implementation-Title RESTEasy JAXB Provider High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product pom artifactid resteasy-jaxb-provider Highest Product Manifest implementation-url http://rest-easy.org/resteasy-jaxb-provider Low Product Manifest os-name Linux Medium Product pom name RESTEasy JAXB Provider High Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
Suppressed Vulnerabilities CVE-2021-20289 suppressed
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. CWE-209 Information Exposure Through an Error Message
Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the
server is updated.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
resteasy-jaxrs-3.15.0.Final.jar File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxrs/3.15.0.Final/resteasy-jaxrs-3.15.0.Final.jarMD5: 0745397d0abe02d81e4bd73c40cb0b79SHA1: 3b74a65a99102ddd7e57b0ad2ab747c15a9aa571SHA256: deb50838eb19788b1e6ae15a181a6aafba770040f95ea3937e74c9d478ce74ce
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor pom name RESTEasy JAX-RS Implementation High Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor file name resteasy-jaxrs High Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor jar package name jaxrs Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://rest-easy.org/resteasy-jaxrs Low Vendor pom artifactid resteasy-jaxrs Low Vendor Manifest os-name Linux Medium Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product pom name RESTEasy JAX-RS Implementation High Product jar package name jboss Highest Product file name resteasy-jaxrs High Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product jar package name jaxrs Highest Product pom artifactid resteasy-jaxrs Highest Product Manifest implementation-url http://rest-easy.org/resteasy-jaxrs Low Product Manifest Implementation-Title RESTEasy JAX-RS Implementation High Product Manifest specification-title RESTEasy JAX-RS Implementation Medium Product Manifest os-name Linux Medium Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
Suppressed Vulnerabilities CVE-2021-20289 suppressed
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. CWE-209 Information Exposure Through an Error Message
Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the
server is updated.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
resteasy-multipart-provider-3.15.0.Final.jar File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-multipart-provider/3.15.0.Final/resteasy-multipart-provider-3.15.0.Final.jarMD5: c442a9d90e994fd973394bb5fd6921afSHA1: 1517ad86cab1647866c594d9cc2103323ecb9e82SHA256: 30dd1f984ce5f7b751408b5badf7365485f400db6e802cb5c5bceba4aa01df82
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.resteasy Medium Vendor pom name RESTEasy Multipart Provider High Vendor Manifest os-arch amd64 Low Vendor jar package name resteasy Highest Vendor file name resteasy-multipart-provider High Vendor jar package name jboss Highest Vendor pom parent-artifactid resteasy-jaxrs-all Low Vendor pom groupid org.jboss.resteasy Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor pom parent-groupid org.jboss.resteasy Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.resteasy Highest Vendor Manifest implementation-url http://rest-easy.org/resteasy-multipart-provider Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid resteasy-multipart-provider Low Vendor Manifest os-name Linux Medium Product pom name RESTEasy Multipart Provider High Product pom parent-artifactid resteasy-jaxrs-all Medium Product jar package name resteasy Highest Product Manifest os-arch amd64 Low Product file name resteasy-multipart-provider High Product jar package name jboss Highest Product pom parent-groupid org.jboss.resteasy Medium Product pom groupid jboss.resteasy Highest Product Manifest specification-title RESTEasy Multipart Provider Medium Product Manifest implementation-url http://rest-easy.org/resteasy-multipart-provider Low Product Manifest Implementation-Title RESTEasy Multipart Provider High Product Manifest os-name Linux Medium Product pom artifactid resteasy-multipart-provider Highest Version pom version 3.15.0.Final Highest Version Manifest Implementation-Version 3.15.0.Final High
Suppressed Vulnerabilities CVE-2021-20289 suppressed
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. CWE-209 Information Exposure Through an Error Message
Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the
server is updated.
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
MEDIUM (5.3) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: