Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
* indicates the dependency has a known exploited vulnerability
Dependencies (vulnerable)
AjaxLogin.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/AjaxLogin.js MD5: 7103c06f778f208a528f1c42e8a7e89e SHA1: 57cd818c568971024c7151e1b404727a786b73f6 SHA256:5ee8b4a1983fe551122fb43c98f8f62b22f55cf699919830343eb7489d0438b6 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AjaxRegister.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/AjaxRegister.js MD5: 5a45af101828623fa0af8ed5dc7dfc54 SHA1: c00d6ece399f6d3d3d7e98e48c2006d6ef881bf5 SHA256:ad380c66e2c4064494a0092ebbf3040fb46dc3d12008aabbf0405dc34715ef5d Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnalysesSearchUtils.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysesSearchUtils.js MD5: f613de4312936dbda0abaac5cffe0c50 SHA1: 390800b5aa10fdebd433e73c4033d8a4cb061183 SHA256:006478fe178c685875871ebff65302d5126b3eb20385a46f12d844b716dc0402 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnalysisResultsSearchExamples.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchExamples.js MD5: fc443f1f1f00d7c2edfa6e961127f861 SHA1: bea8d21ddc6736fa3d3afdc46dd4fdd27df05a38 SHA256:103c6e9fe2e62cb0bdd30168e5300562b6b3f21556c07bb586dd9fa50152df75 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnalysisResultsSearchForm.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchForm.js MD5: c5bc25e808a1fe388b350c0d71e65d00 SHA1: bbf94185b699045038880f161e12f1ccb5ab8cce SHA256:f322676d009abc1ade51c9300b073735c707109211e71c8ef5800f052036c4c1 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnalysisResultsSearchMethods.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/AnalysisResultsSearchMethods.js MD5: fa6ec5e68777ed4be09dce6bf3d416aa SHA1: e5eecd86ea8d9eec5d8ccc9e8b60408e5b7405fa SHA256:2b78c0d875665390bfafa79a6c45bcac5b95e1b529926655f0032e87caf627ba Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnnotationGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationGrid.js MD5: 8b2e3f48627d6b7209222875f9a79076 SHA1: 1a4f8020e016ad6c15e97bd140c99f446b8cc156 SHA256:5579d1194a4e8ef19ed5a57f1d5d39e6c103c7317949c0ce3441419ce3bdf0ae Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AnnotationToolBar.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/AnnotationToolBar.js MD5: ebe3310d7c11a2541fad6834d91ac276 SHA1: 68499946d6aa5904d967e060e6324299e6e0ac6a SHA256:0c22b01a572537331818467395639aaad3934c5b651f85bb5b0e6c3d2e03ade6 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ArrayDesignCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignCombo.js MD5: 6fd04c6213799121c3bc21b71751e1f5 SHA1: 935e02fbf3e805585e6543489a7fbdcf797b1bd4 SHA256:61cdd5c0a872cfcc5984006769b03fc29653ab0597d3f4f03d5f681680ef5628 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ArrayDesignsNonPagingGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/ArrayDesignsNonPagingGrid.js MD5: 8c81a4fe88ea3b560af735920e4ac745 SHA1: 980d88a6c231af781a892778fec14e58dff254a9 SHA256:da705106afa88ed9fff6cd3fbd044051a3c68811ef884d3a24b501303b6cc124 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
AuditTrailGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/AuditTrailGrid.js MD5: 79f986a0fb74a73bdb6bdf0bfd118b2f SHA1: c66f6c6f738f6581d4f53e2c861a82fc1cee8ab2 SHA256:44e3b418e02fad3a3a437d630faa6691a4fd385cf68d6c3f9df95487d8a8e517 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
BioAssayGridPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/BioAssayGridPanel.js MD5: cf26c9f402f817a857e5f659b2a2d5b3 SHA1: 919461bfe6503eab69eb02b82c91e19dc1bf8974 SHA256:d6a045c53f5287b49ca79435dc8678deeada4d0a2daf6a176b0d35a0e3c3ce75 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
BioMaterialEditor.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/BioMaterialEditor.js MD5: 2a03c5aca60dea84a1d7afc45eeb99fa SHA1: acb8766f6646762e5631f0a9340e1c339803c495 SHA256:ec5f8f7ad76b8f0493b086986a8b0a1ec2294a96217a23d3132cc67314eb85fd Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
BrowseButton.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/BrowseButton.js MD5: 0c099e87c8821aac56d041024fe67212 SHA1: 7f75251871682666866a999111d710327cd686e1 SHA256:43a0938ff2476cef665514e34c6a3567fbd8bddc0be5c864c0056f2d59ccb4e5 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CategoryCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/CategoryCombo.js MD5: a515a8ad78f3b8af37daf0e6d4bdd80c SHA1: a85285245b1fa8141bdf5501bb5a47e33a54ace3 SHA256:27be0299782a43f6db1f4b90c724fa5f1880aafa772db7bf05959564dcab1925 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CellToolTips.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CellToolTips.js MD5: 5dc0ca61230395db950cbf4947fc981a SHA1: f6db3cadc5150e0d35f52fffeb13fd1fdd34a7f1 SHA256:e9e5490634a58a390f2277a8373bf906caccf167d47ade85c10ab9146f61f897 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CenterLayout.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CenterLayout.js MD5: 50636e02f0eacb1f586a01f5779168f8 SHA1: c2ace99fc4a4d9f37deec27723096add9df4f620 SHA256:1fe42ac1a290b17bfdf937179aeee11ed274a5bd8607eb3a3e36065e546e8ff4 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CharacteristicBrowser.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/CharacteristicBrowser.js MD5: 0b74c4207591fd3511bc6cc31622905f SHA1: 6ac90ae65fc99368973f3e7017e1f448110dc89f SHA256:998994d763ca1b5b60b2a09419bf341006b97d06e7844ff89aec4020acaf35a3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CharacteristicCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/CharacteristicCombo.js MD5: 3a10d07a90c20f616dc89efd19367b2c SHA1: 311ce182d574dee2a7d65ce2171c84d5d969daf7 SHA256:e22c8b4d7d4587707f4bd4166bf7a4ba31f3b42b43a18b1fe13527db877a7082 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CheckColumn.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/CheckColumn.js MD5: a06a32551766823ef2940a3e24fec5ac SHA1: 2ffc8c56d6539a58ec40d782d093623ae3fe4ccc SHA256:755294f88a0e24e6afc9af60e538673672e77629a65ac11aa8bd777e1c594cc7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexGraphData.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexGraphData.js MD5: 67859ccf17d7fad41aa491bcf6d6cdf3 SHA1: 84fde9149f855e602b88c2a43489f3f7e1df3259 SHA256:f692b78e4d0f0923161d2b62f32187a4753b5ff5223a3ae4412efcdd329aa599 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexVOUtil.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexVOUtil.js MD5: fccaecae5fa7c7fbfa249eb831f9ad0f SHA1: 39d9dad25c04dd189395d4d0b325c698ebc10f6f SHA256:3d3cb540ccd373821174d62de942f5d6d1bc4d769a87dc11d00d8f12a9570608 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionDisplaySettings.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDisplaySettings.js MD5: a2932a4461451c48e3203e226eead96e SHA1: 22a70a654612879f12b8c02eece95dec72d11af8 SHA256:b045fe4eb6045623447b50e16ced15423a4cf1c24c36baa57862420ecb5294e5 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionDownloadWindow.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionDownloadWindow.js MD5: f54d6926e2b07a580fc1b08d4abd71e3 SHA1: 823c898056c12322302fcd632d45f5c0f8b5e766 SHA256:6672122e74ace3aa7ed3e2a0427497be4dddaaae4c160c6094f70fb6acf35b97 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGrid.js MD5: 22faf34499b68b2f207f3a1777953837 SHA1: c3a15acef352ff643b557321edc6cde51529f39e SHA256:5be0915c73b6a89745543dcc2311b20ce177cdd597059ea2b073e9af5d96e3cb Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionGridLight.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridLight.js MD5: 3b8b3e419bc7ed6a2ffbd93cc0e50dc7 SHA1: bb4b28fe7760d771d467eaf713efad25f6e97bf8 SHA256:9ff09bc5829d4e381a0b60406321d3b0f48c2603d6dd7833ec405685d9c034a0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionGridRecord.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionGridRecord.js MD5: c0d5dc29a142d75aa00cb004045e18b1 SHA1: ece356d3f6fd19beb81f2934a383e5de36bedcd2 SHA256:75448f4e53b606ad72acd3da66fe2a6352a0cc76c598a263db7097864aa97e85 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionJSONUtils.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CoexpressionJSONUtils.js MD5: 13834b46c25da9e1e97c54099f158046 SHA1: 993bf9d48829c0b35885f80bc80899af5f223093 SHA256:0860e5376e715051e8236b4534b1efc4c0aa8887ae26b7b40983913487e3daa0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CoexpressionSearchData.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/coexpression/CoexpressionSearchData.js MD5: 8e9a9c6d8e53d7e87336ae101a4ed323 SHA1: 2aee607a440b54b2fb6a4b547a1834554eb15c76 SHA256:971b718a43422d2ef8b242a23f5bdc64fa121b3ebff5df19fae2c058c199ee09 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CollapsedPanelTitlePlugin.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/CollapsedPanelTitlePlugin.js MD5: dfe5f380e817ff658c4cb96ce0de7c28 SHA1: ba26621556df39b8a29b05f08bed7a95a6da1fd4 SHA256:e2414fdf811c5c0d32e94aedc2925e7d1f500475bd233cdac40ff7a18c04512e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ContainerMask.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/ContainerMask.js MD5: 5d51f5ab173aa74d93a51ed98d94ea13 SHA1: d55cfab417d68fa456278d8819d466d1aaae8984 SHA256:81e28b0e6a972ec5b9ac697cdc70c0fb667e6b7346ba7d4d0a710f65125e4595 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CreateSetDetailsWindow.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/CreateSetDetailsWindow.js MD5: 53dcc25f87b5a5d045b88608c27a7616 SHA1: 9f2293074ed9624a731d25da2241f49129d6d588 SHA256:66b78888a2892df12ebcc9b5449ec9b83565465e6f10e52f8414c4d82db89eb0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CurationTools.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/CurationTools.js MD5: 253fe0c021ffee20e373e07770bebb29 SHA1: 68e19496b1c7447d140211f4c96ed4e7310a7a8c SHA256:d71198cd761265c01d3cd8613aabf3199c14d3306a8d46abfbae20b07e23e488 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeControlBar.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeControlBar.js MD5: 43b9140bd7cf009faf161ce315630a8b SHA1: a172f07f120bd46d813e585aea3dae52dfc9a6d4 SHA256:a40052c21aa0c196054e27a8517e6c05585c725f4ca727068b251970a75a460e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeDownloadPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeDownloadPanel.js MD5: 0cbf8d1a2105e92aa0279e6656498c3f SHA1: 019247333e80c2bf8d5a7c2e8473fe77c7c6a37c SHA256:852310a75233817e2b45e9b7153b1336f3bc3f675623d9311f6aadf1b4df7186 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeJSCoexGraphInitializer.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSCoexGraphInitializer.js MD5: cd8baa0e81b10a472dcfcc4879e77336 SHA1: 9a4633e73a290204ea96265c1c38a3d0b509569d SHA256:064d62250504501e2a610e55c9fc96f7c44207daf25f066641de2c1f2bbc7994 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeJSDisplay.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSDisplay.js MD5: 0e45041d9c967dc6ebcac6c20c3d0726 SHA1: a26be17b48a82e779e001daf49ed7650df5aa389 SHA256:b63d9080f1d33df5e3b84a6f5d84e67675ce77cf545f39bf7886a51b2f7b37cd Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeJSPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeJSPanel.js MD5: fc51d38ab5c41da211094b2ae9ea7c02 SHA1: 4c5f86778a5722b432fd4cb555a6f062f1d3e4e6 SHA256:1b278217cd4ff361d36c25067be0565e7e6e6f362dbea909a1b68b8a3cce8723 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapePanelUtil.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapePanelUtil.js MD5: 90321e21b5f187cec2566614b950e8dc SHA1: 4c0da31d682d97bde90b65da17b5d2c783cb6bc7 SHA256:2e021bbbf8353ece5fce840a4d372ebaac376337eab049b99b7e1ffb1a9dbda2 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
CytoscapeSettings.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/CytoscapeSettings.js MD5: bc57a89876dfb0499f1e997d9593e64a SHA1: 56ee9001f1450723d7c464451e3d4d05694cfa20 SHA256:f794bcd36d84d584f4630663e41cbad428e3afc10192b94cb8ce98db42b7cdb3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DataFilterCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DataFilterCombo.js MD5: 34cf0d4935e8c120d4b764d4f51bd913 SHA1: 51a9dd547e46831caf4add32310e34dcf392ba1f SHA256:f769338c0b890e700436f60edb8d7816c0a6758bc72f13161e394daf06ab0a91 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetGroupCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupCombo.js MD5: d008f93620af35382fffab6ed9bafe55 SHA1: 6bef3947f97643051279c9a6cf242ee0e3d46314 SHA256:f4034eb971d20fc7b964ff15581ff34c7b0f9945f1146c20fb9624318963a98d Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetGroupComboPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupComboPanel.js MD5: 088f61b869594b9fd822c5c90e1ca309 SHA1: cce02040ded312245fe189f4f39d5af3724bf355 SHA256:c76bd063f1c17649fe01d77c9adfaba6c8362845bb66af9a260beff72ec78329 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetGroupEditor.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupEditor.js MD5: a8dd58a2c21a4f84b1d875003ada7cfc SHA1: ddcc76157ab847b30a8e61c052ba667dc1b082bc SHA256:d0dff2d6582f3a77192c78e196aff36e64fcaffaaa612f5b15253d12b2c72ccd Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetGroupPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupPanel.js MD5: 03e367e8037a0a2e0c694cecfb144fd6 SHA1: 054906cc9bc96b4fade3181d0a569f1b04c129f7 SHA256:050304f2860eb444fff875fe9fb9a45ffc21aa17a331998e20d22b2d52d3bbb6 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetGroupStore.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetGroupStore.js MD5: caf82b22b3bbb6ac6b83ae3a13bd5358 SHA1: 1720a7d794c049b1ae4c35809a3d71da966abca4 SHA256:80406bd8075b28bf997bfca0879d054fd3e80db480c69c3f7b7b61c13b781b0e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetSearchField.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchField.js MD5: 827856a3cf6d8887ca0e51b939cffc78 SHA1: 280112865ccf06dff30bc2fa2976f588a8f2b352 SHA256:d0f4021bca2ca524f8a3ca7bf5255c5a718bebae7360cc5d0f5082d1ccf3f5e3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DatasetSearchToolbar.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/DatasetSearchToolbar.js MD5: 4304e454d68fc4e95c20735bdf78cd55 SHA1: 7361f3829a6e8faf6b730b7d5e993ba0e1813145 SHA256:bd4664cd8a6410c9b7c66b205c5751b52780524af267bc751fedfebf0de8cd23 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DiffExSearchAndVisualize.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/diff/DiffExSearchAndVisualize.js MD5: 1c55f0dba3fe67e24c7ff2f0d0967b82 SHA1: 7a6b6caeefe60be19e98793901a473602ffb9db4 SHA256:19eaa4000d4ebaac5e62060ed8f4dc90fd1889890a48e3ce5e0d6d617756d04a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DifferentialExpressionAnalysesSummaryTree.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/analysis/differentialExpression/DifferentialExpressionAnalysesSummaryTree.js MD5: bff751997abf71ff574927c16a4f6cdc SHA1: a275824de27df8dbeaa4ea747de59d7919473bb5 SHA256:b4ce931e9cfcec38378becd0f6dc9a70e320c4577cdce4f68f773ed68545895e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DownloadWindow.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/DownloadWindow.js MD5: e625013b8cc8fe116d9eeac35d35e768 SHA1: 3086449b3d0af6d8a4030538c51707f04d381614 SHA256:2653521e967bc0941e895ad7bc0c08316e2f03b9eca37c195f38cb531844e510 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DwrProxy.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/data/DwrProxy.js MD5: 9c0dab945118e24ac98de65aef0e5c1e SHA1: 5be1729bf9416ddc4a452e520794fc493623b908 SHA256:6d2e57d5acc093942fb895ed5c4105f5df8ea6326401df8e602bc918f824c739 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
DwrTreeLoader.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/ext/DwrTreeLoader.js MD5: 647dba6601c42e88dcf48121f224d1e5 SHA1: e55c9db6818b74e387066f8579893d4462597498 SHA256:8b5c1e247e2e6efceb1bee4d34b030dc24da4d76a6da76b67905c39bf90e28d0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
EEDetailsVisualizationWidget.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/EEDetailsVisualizationWidget.js MD5: 51f56861338342fc88cf4735fbc8ccc5 SHA1: 1574c8296fbb19182606b151b145c0bed88a64eb SHA256:46c735150381e1133b54af47f13cc587110567f85d8c3aaebeb25ed1fb46d19f Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
EEManager.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/EEManager.js MD5: c70a3faed328e2d6aea525fe2400c4a5 SHA1: 444ed74bb248db01382f7bdab6dfc3ac149e6898 SHA256:ce4056188f249f454d5ba6b664a3e76f2e08a7b2ad6af05fc5c1860132ee6f1c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
Error.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Error.js MD5: cdc7bc660c6910458b72c7e326e02729 SHA1: 6bd337107c9b8f65ce5973adf20a33f2ce8de2dc SHA256:00251c782a7fae8bdf0bf34b9c87a9d9982c1fee3b2c495670ba517c818f7b71 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ErrorPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ErrorPanel.js MD5: b7aa2d9b00d0f21a140aa96b98b7344b SHA1: 3ce9db91b39b6e4367e6bc7871a5a58d548f0f9d SHA256:d0eaf8bbde64722d8869e2af356e82e4876e3da361f7cd08ee039701ea6cebc2 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
Eventbus.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/Eventbus.js MD5: fe3b40e6851e4f4154baecbb4245029f SHA1: 7ec45952b2453ead930dd8c2e0fa6f4847819d31 SHA256:3b98c9ff4120e73ae469790a1b7161b32fa20d4e60a77c7946f1291cd9f712cc Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
Evidence.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Evidence.js MD5: 198811b2ca1abddd51b92b90f6938f63 SHA1: 0c48c2cdb24515509d999b306d955222427a1bcf SHA256:bfa1459c18e9a0d5c55e6ea440e86a2c3a7105bdd51af632786c92af0e5db9b0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
EvidenceCodeCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/EvidenceCodeCombo.js MD5: cf29bdf11dac914927b29fecbebd12ef SHA1: bcc28a9a6c21f2c2648e79c655f3bd7b306fa5b6 SHA256:316805940686559889318bc7165e3448b07c7bbc508837489bb8fc9e08553c55 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
EvidenceTypeComboBox.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/EvidenceTypeComboBox.js MD5: 6709520b8166b5e820a7005d47e45c98 SHA1: a2535d33e2525ece795a11048a037d542eccf548 SHA256:b437a82af287ee79823d859ae4d82b3ec5c43b976abc93767c43f735b34e46cf Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentAndExperimentGroupCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentAndExperimentGroupCombo.js MD5: fb2f91c6ce47a9f3f60ce9ed0ffeda57 SHA1: 153ff457107c305f34451fc8cf35a493fed1ea3b SHA256:f71266ca2b47962efdb3573c7091008a584ce4610c941e6d9664390c7df07d06 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentSearchAndPreview.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSearchAndPreview.js MD5: 33388c61450d32ca006a4afb18569f25 SHA1: 887e497777810947965d75a9acfdfac82c33910d SHA256:02931ea8de25853c485b3650e0d2c3b25497975c71485ac0e01135b85932f4d3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentSetPreview.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExperimentSetPreview.js MD5: 08632af57a46b7e32dabf7d0d41b4e65 SHA1: a4aae417b7bacad9c6789fa19c7974b195ca1c38 SHA256:0f31fc473a8d9aea9d00eefe9c62606045415ca4ce0afea0920c7146586dfaa1 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentTagCategoryComboBox.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagCategoryComboBox.js MD5: 722b96e4a0b9ae84cc3ddd776d4935f7 SHA1: 54d92136923ee4edd794ed9c92c87f5f1cc5014a SHA256:2b0965b73142d8819eabcb50c0180c4219dbc9f7f969210db798e651b371243c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentTagValueComboBox.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagValueComboBox.js MD5: 1486ee0c18b820e91d982cb033fb6609 SHA1: 44d6278b2aca2134248715bf7be9e9a05a1c8308 SHA256:d6ecfa4a4d48a5fc5bb8d0c1e3d4748b7b3442869680954dabdf4cda43448945 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentTagsPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentTagsPanel.js MD5: 0704927454541a88f1c42c42e697cb44 SHA1: 053d6aa487d9f9d0b20f3499e891a7c1824f894c SHA256:4709952e60fb34746797acefe80f8331d1937550f6a605411051dfcaacca7531 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentalDesign.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/ExperimentalDesign.js MD5: 6ac59387a5c98a33f4583dc1a0e61a7d SHA1: 427acbbc41544f4247a01e85c987e4d24da7a5b1 SHA256:0eba3e45304b1171f0b7b8aaba9f794f5be1bbfae47f839ea9078656db57af35 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentalFactorCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorCombo.js MD5: 14a21cd98f2258b77a677f4b0476c361 SHA1: c729fbc78b21879a9875f0306beab0ba01cf64f0 SHA256:072bbc5c33d003f184a88cd82ed92c01b5ccbbdcb54903444e99fd6bd91b2d95 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentalFactorEditor.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/ExperimentalFactorEditor.js MD5: 857d892aa0660387358e1a85c8f927c4 SHA1: e04509afb042a0b2eeeba59ece5742d27543060c SHA256:3757ee03b3ab80db8cd0265fc4026b94e2c6742beff0e3cac30259d345e88ff7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExperimentalPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/ExperimentalPanel.js MD5: cafecf000d04628b431b0a13498cdb4e SHA1: 78548c6e6a8f1d45f8041d1b0895af60c07bc045 SHA256:bfb20632a65286088cafd9c94d083b2136e2de55720e48634d50737f49ce334d Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentDetails.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentDetails.js MD5: b4676d072fed1990e4f0ceea08468d7d SHA1: 7f08286bb310ebea5520bffec71c34aac6eaf318 SHA256:67e7f219e562255471b943b84e9d3b53a635d8ffa2f0ece65c0f7220cf14afcf Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentExperimentalFactorGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentExperimentalFactorGrid.js MD5: f1ec776e3afdedc0bdbee4771812b96f SHA1: d1097870bf105ef8ad369a84807825eab89e6fe3 SHA256:e7146817900c66798994e6b989f809cf4e676db377340b3e38ae92c394a22ff2 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentGrid.js MD5: 992b6ad8a4f1c68d14e64a51b6a941cb SHA1: 7d8d3e7851518148246003a5b2c4df54ab09558f SHA256:8a352bcccfc8722219eed5d61f0f748cc101485b2d9632fa033cf88d90f4c4b7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentManage.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentManage.js MD5: d045b8127369937e5c8ed8ababaea174 SHA1: a6d32b35a20ba97ff1f40a43d6d7b3cd32e23279 SHA256:3788d8cc057e00b76290d4d9ebb4bc90c034b7204dbe546f14aa3dd86243a150 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentMembersGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentMembersGrid.js MD5: 1f5465bba36549d8c2c78072f74c8a4a SHA1: 50ddf1b5052cf62bbd3e027e36418b392b95b711 SHA256:e25e1d285692e10862f6b22135d4a353330b5398b375ae8cb16468ab902bf4af Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentPage.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPage.js MD5: 3220c952b33377e1f0f2e31d94130e41 SHA1: 1e74e0b389c5f5384b347a922ed366e5e9d8b5e2 SHA256:ef69d078bec1929516a485fca1fb821423a45e1b168d57bdf60b175ee5faf608 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentPagingGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentPagingGrid.js MD5: 1ae77655955bdfdeaf9f1226ef3bda7b SHA1: 70a00c13309db333abdf9f1a2b094b7a49442986 SHA256:50c56af2c39a177ede0b42b795b3f806508af3672e002c6289e6ea6bce612e54 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentQuantitationTypeGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentQuantitationTypeGrid.js MD5: 09248ead301bb704280a49e10cbbc43f SHA1: ad4fe0910d995d6c0d21a3c69487a5d6b3285568 SHA256:d5cec9082a072264b4969830f1d12e2a5abe2fbebcc4e69748003a34c1c6f782 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentSetPage.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetPage.js MD5: bc8ed60776be06a0fc6b1016867ca691 SHA1: 68ffae9e137f7e11baf529d264615b1d1c33cf07 SHA256:b96b886a029651bc345055a90817ecf006ce5b219bd6460f3bdb6203c8204854 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentSetSummary.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentSetSummary.js MD5: efc3dd2b702320cb9944ed361eba5361 SHA1: f30e2aac01ff1ee68a9cd543e5d6d9a588856bcf SHA256:aadd10e21213c914764feac32251b58cc211301e837a8d58be340c73d618aede Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentTools.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentTools.js MD5: 2bddd675c14e2d7551719ff108925268 SHA1: 40fe6400f194e6d75289e3c9af14f34908278215 SHA256:5e120da29a0f4f1065dcf391c869310223443b9c11d449800a2ca39bba68c709 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExpressionExperimentsSummaryPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/experiment/ExpressionExperimentsSummaryPanel.js MD5: 31ac7aa8dedf78b8bdaec6846ba9253c SHA1: 19f5c940a5ede64ce5fcd7d21b18bdce4389168a SHA256:37b0cf6b00627a6c30148f46f958fde22344f49fefd3bc971aad2b22cab678c7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
Ext.ux.tot2ivn.AccordionVboxLayout.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Ext.ux.tot2ivn.AccordionVboxLayout.js MD5: 150c316153afdba92f76d65fa1bab4fe SHA1: b591059c2181cb468f115a14dce53e26fafdd3b7 SHA256:bb56ca1fc693598e238d74bb903dae9e7a50d66757b9947b8eb4d9a2cd9783bc Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ExternalDatabaseGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/ExternalDatabaseGrid.js MD5: 0415b53babece871297be885d127f227 SHA1: de25543027bf28990a88298e9e027cdd7bc19509 SHA256:255eee314ce3db6e28b0eaa0b8450ad92eba558fc9b3fd31d03da2d53794f100 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
FactorValueCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueCombo.js MD5: 6e8115379158b098018b39f91b6aba8b SHA1: baa594aa6fd5b36879978a5dcd2b20d71eab9f80 SHA256:534dcc18a6c94b8c8087cfaa4a4c9e37ffa20c6801746d6db31bddfa947d6569 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
FactorValueEditor.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/FactorValueEditor.js MD5: 7cb5e8083a22da635cd19dfd2b0aff9f SHA1: c453d8fb080fcc823687f8d4ef8cb738f3af484d SHA256:03aee6b35b708191c6ba02b8073ddf18507cd401767e227dd9b6a4d0e6c15463 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
FileUploadField.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/FileUploadField.js MD5: 69a510fd47c4fdd85a4dfb083f61502b SHA1: 7e6b23f40f5b22885cde2d9041ff65ae9a3a8abb SHA256:15a77019c830bb470e3d471de53f497f85e69ae8f4ca3d0132eedc92da251f40 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
FileUploadForm.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/FileUploadForm.js MD5: a454a8b506142ec2d1f2c71d11621903 SHA1: d1898c5c0026b99ad5ad090f357634af5a04dbe4 SHA256:a8033d36dc71f8a927cb7af9c93b2b646cfaf9bf7d0f4a6ec70ba6cde7a826b3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaGridPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaGridPanel.js MD5: aea15f55d2b9272bebaa87a02cc36e2e SHA1: 34a022786db0c21752699703d46fbbe50814df2a SHA256:6c149332072c714ec572fce0ddee003501b5e224d29daa3817c971806a857704 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaLinkRoots.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaLinkRoots.js MD5: 71c3b0e19b835e13763f8b86ab6e3548 SHA1: a5420f221399fdcc882cced7d6b0203679e1a205 SHA256:255a5825c1b0e8d44fcc70d1387760c45a2322832e310ca94c234565a93a8781 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaNavigationHeader.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/GemmaNavigationHeader.js MD5: 511b189c304139894790be5f1691dcb7 SHA1: 1d50dfceece76f2e05e6f638e1a33c050c4f0193 SHA256:f481fd1419e6261e32789f74599ecf8cffd430ffde3956a1b079b177c0eb43a2 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaStatUtils.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/metaheatmap/GemmaStatUtils.js MD5: dd75ebe7815bbe911219d59b120cd7ff SHA1: 54066b58675952cf74d62c9293d2cb9130dbc54f SHA256:a918d33f4b23c6c667c6399246600bed74da7c23646bab7a88d4afb8358f05dc Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaTemplates.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/GemmaTemplates.js MD5: 642d09e9aed4443ef028bdb26e65587c SHA1: 2e1e8fac10ff07994c80652ee2ad4e64fcec1346 SHA256:0ff89d56a2eb35b04aeaf038b39541862bd58202cb02abf3a72335569e00a57e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GemmaViewPort.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/GemmaViewPort.js MD5: 05299715194621e30d3d20619992077c SHA1: 96d13dbf3441bf5d74d97744501c2efabccb8782 SHA256:a9371c294b918719f8e0421fd35de202ade0635457e3b02dcd0b4167d17f9504 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneAllenBrainAtlasImagesTab.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAllenBrainAtlasImagesTab.js MD5: 162e6929af0f01bb413a7a3c40422814 SHA1: 00d56ace77a5cd1b9b28455bb3ee131a3b80d224 SHA256:586a27bbf20025d630096e7d24f6ab44212507509c60044f7f5b89b9b89c6951 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneAndGeneGroupCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneAndGeneGroupCombo.js MD5: 528947e5abfaa5b8a8606fcc5d777566 SHA1: f79c329e7b739f277ae7dfdf152e2c6449cc4dd8 SHA256:96351c4dfa59c389069fe0666a5ba55d866dd85f91e7ba75c00b506e6f34fab8 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneChooserPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneChooserPanel.js MD5: 772b308a955bdb297e8ab6f2e7d20684 SHA1: 17609d65f6a107dc4c64892723994d2d910dd29f SHA256:68a46f7a5b7a59c44faba72751039a10ed59a9f00b3913dbd6431101a4630a25 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneCombo.js MD5: fe0333395ebf3b570458742e1a1616ef SHA1: 31f889981bb7913bf1bcb4229a60d4bf5bd71269 SHA256:ef20324a8a1e7d5362d08db14639fa3ce5d16b5525c49734da7b1967b7721a16 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneDetailsTab.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneDetailsTab.js MD5: 2f57afdef6a376d79dd6be732c0cfe8e SHA1: 3d463de55cf7e664019e77603fa9dcce1707e65a SHA256:229c433ab5a76f2ebbcc91dce75b2a8d4d634d6f79dadb65cf14e70a209ddf46 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneElementsPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneElementsPanel.js MD5: 77385a0ad1857b3a64c3d2e02b950ea4 SHA1: d805af155da800c3b2a441cc1dc0fa6299afbc57 SHA256:3e6d066e832822762e92264c950e56d3f9c8fae3ed1d7e611bb09effce44b2f0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneGoGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGoGrid.js MD5: ed64e3c3f4a73ea17580834ee78c047e SHA1: 8818cb9f625dc87b4ce9c1140f4f7d0daca1ca2b SHA256:b290d277531863936a9773b5e731bdb89738b3f07c921feea31834079fe3424f Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneGroupCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupCombo.js MD5: 6340e10a959ff0173b84728e45562701 SHA1: 3752e1929ddac24499e89bb38a15d43711e74955 SHA256:752e55e9ef5b65c0c7ef0109834647e76367090d309dbd11b7a3fb222d04e843 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneGroupEditToolbar.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupEditToolbar.js MD5: d9c79135e1d9ac6e00874267b310834f SHA1: 3223fad5c48bd66011980213730e659d4368be8b SHA256:e790248525245e8196ae8fb0f4cf1403e670961415d337ff5bb4f3cbcd30ef53 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneGroupGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupGrid.js MD5: 1149d312ff12e016397b3d0699a11d44 SHA1: 5110fdb3b7323f27f8a36b55d50903286f241ed2 SHA256:fca401171f8091755938773e970d89f63de6916e040344709fe45b6fd0879f2a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneGroupManager.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneGroupManager.js MD5: 40fb54f4f5209e4e89ebba565d5e4cff SHA1: 63d09bada4bd27ef6a079ff6ede68a922ac68d57 SHA256:7c0e61b72fd9b190065882a9e37ae980841a1f968772d5a4f69372e3ff6d661f Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneMembersGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneMembersGrid.js MD5: 783bf2aff3d2d6cc58e63460fb70ae86 SHA1: 4fd61a6558f2aa579b396e6afa085c6121428d08 SHA256:b44fb6425dab7171d2f987c2d7b4728cae57dc833ff9f525022472883129a4e7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GenePage.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GenePage.js MD5: a0875d0a1e4f77cc7fa1fd66707bfff2 SHA1: c6183080f257dc51fb607fe7b9ac02097907ed11 SHA256:a886819651b0e9ebe67c5ec7c3dba052682b99a2498bdbd70e66eff9cbdaea86 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSearchAndPreview.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSearchAndPreview.js MD5: 785d7d63754326350ba53c40325e0000 SHA1: 301f1770f0d836ac7578e2f914fbcb898beed3c9 SHA256:10d322ad1e5e66394e4c593d21503d539930788460ce64d528442ff6e8770311 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSearchComboBox.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/phenotype/form/GeneSearchComboBox.js MD5: 749b3f894e3cc94ccb39eaab58ca2cdf SHA1: 40e87e2e89731076a6856d728cbb59a8e0a044c9 SHA256:4ea86d862b2045d490ca3376026c78e0dfc9f5dab4526c36feea6cbc7f9274f5 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSetOverlayPicker.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/cytoscape/GeneSetOverlayPicker.js MD5: 99e7cdf7dec26678630116bc16449db3 SHA1: 12f6372ab45d940f21418af8acf15709453d766b SHA256:77cf94e09037cb80895c3a737aa71c9431701159671bd9cfdb76d32e9c02da5f Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSetPage.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPage.js MD5: 1f6e9f2c2e167a02d2f0e0dd1fad3ae4 SHA1: 843b7e4a21ba650733a969ef2a8850893c8c53c6 SHA256:96ef013efc6a7963992b0a79d14f0424ecf84c378eb1d14dd378dda00d8d6114 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSetPreview.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetPreview.js MD5: 833620a2195c403c8d357a2a1fcff572 SHA1: 66b7d76a2f1393726df39da09a0fb3fb71b03ae6 SHA256:329b4c7da34e5a4e86f9d4e3a7b7bd1aef00475a4a8e5fd69156f8f30e125ac7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GeneSetSummary.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/gene/GeneSetSummary.js MD5: a7d5c5d61b0d41562f32059209c5632b SHA1: b47d2cff2e08ed67ab8c673acfb405f42126582e SHA256:ba6092ad4903fa4db5012f9eebb4cce66f8709a70123b638d1fa123b56ae3d32 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
GenomeAlignmentsGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/GenomeAlignmentsGrid.js MD5: 6397cc9c40c8b56c12d241f79524e2a2 SHA1: d39fdb11aa9d8efbbf8ec3e974b143b935c584af SHA256:8848669b353aaa16a4beb5d9b62a54dd088bbacddb40e7fc4e0165f0f6858182 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
HdrHistogram-2.2.1.jar
Description:
HdrHistogram supports the recording and analyzing sampled data value
counts across a configurable integer value range with configurable value
precision within the range. Value precision is expressed as the number of
significant digits in the value recording, and provides control over value
quantization behavior across the value range and the subsequent value
resolution at any given level.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause
File Path: /home/jenkins/.m2/repository/org/hdrhistogram/HdrHistogram/2.2.1/HdrHistogram-2.2.1.jar MD5: da024c845b9456beec00d8890fd8ef51 SHA1: 0eb1feb351f64176c377772a30174e582c0274d5 SHA256:df6afd38afcf79fc5c8e67087ea953c1b83b040176d5f573db4ce91a260fc07c Referenced In Project/Scope: Gemma Web:runtime HdrHistogram-2.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/Heatmap.js MD5: 04a534c9c353d8e88e9ce2ea46b984dd SHA1: 1e41f28b24d681a6f110914fdb3b002deda2638d SHA256:ff7203853afde1b50b569847b588d5be395aec698af3968fac7c25cc9de07683 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
HikariCP-4.0.3.jar
Description:
Ultimate JDBC Connection Pool
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar MD5: e725642926105cd1bbf4ad7fdff5d5a9 SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f SHA256:7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9 Referenced In Project/Scope: Gemma Web:compile HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/HomePageAnalysisSearch.js MD5: cd4b01b2edbf680fc141898d32e5bc65 SHA1: e0db6428bd99f72e11e8b209246835c5ffb1c579 SHA256:490834d5cbc67f004041695a20673ae5a02dade853cdf893148d719f6a233fa7 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
InitialTextGridView.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/InitialTextGridView.js MD5: f2bb0a0fca5485004d1ab21ffc65bc72 SHA1: 540da50ac3b64c8c902797e0f3c059fa80f310a9 SHA256:e0bc76d52b74a14ef3eeb3bd5235a5a7acfe08ea7061d0322c6669ff12c20d11 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
InlineHelpFormLayout.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/InlineHelpFormLayout.js MD5: a2a8e1fa4c6ec3ca193698b5ed5fae74 SHA1: 056272e3684a6129d6afbf134af14fb9cd5e97be SHA256:80a8834398c0039963ad45c4c9a493f71fcbcc9607afdb25f6c1ca6e6560dd9e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
InlineHelpIcon.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/InlineHelpIcon.js MD5: 6d1ac2989698f1653e4fcb4edb644c69 SHA1: 80aa83615203515fb9de2ae0c45d553abddfb359 SHA256:b003a9c96de8c44b9ee3b61e9f37943e23264da0e471d058a0784f3a6c2f085c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
JRI-0.5-0.jar
File Path: /home/jenkins/.m2/repository/RoSuDA/JRI/0.5-0/JRI-0.5-0.jar MD5: da1c711f9748c288afc2f8574165405f SHA1: 2d9612a95065c291b2ae41fcac28446aa47a8410 SHA256:bcc4b8bd8edc28aa2fbaec6b441fe44e4ed51fb11a310477928460748cf69a04 Referenced In Project/Scope: Gemma Web:runtime JRI-0.5-0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/RoSuDA/JRIEngine/0.5-0/JRIEngine-0.5-0.jar MD5: b0cb089fab38efdc95b200ab931b2efb SHA1: 9751022a2938a4207e178f8c8142d098e4c549d7 SHA256:dd26c4bc37222635388ea5898fc78740f486a384bebcb5ea2fa7e2f4ad453750 Referenced In Project/Scope: Gemma Web:compile JRIEngine-0.5-0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
File Path: /home/jenkins/.m2/repository/com/googlecode/javaewah/JavaEWAH/0.7.9/JavaEWAH-0.7.9.jar MD5: 3186322b6558b126cef0e00bdbd2466c SHA1: eceaf316a8faf0e794296ebe158ae110c7d72a5a SHA256:fc499deb9153610f735f75817f1c177978d27a95a18e03d7d3849cfcb35abfc4 Referenced In Project/Scope: Gemma Web:compile JavaEWAH-0.7.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
LatencyUtils is a package that provides latency recording and reporting utilities.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/jenkins/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar MD5: 2ad12e1ef7614cecfb0483fa9ac6da73 SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3 SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec Referenced In Project/Scope: Gemma Web:runtime LatencyUtils-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0
File Path: /home/jenkins/.m2/repository/org/rosuda/REngine/REngine/2.1.0/REngine-2.1.0.jar MD5: 9377ddb81ad3e37d94926367b410c9fc SHA1: 73c31209d4ac42d669ccf731e8a1d845f601adac SHA256:a268b4d1e0aa0c5ab3a79153764beca2d90087904c7d087b33110fa188fe5c04 Referenced In Project/Scope: Gemma Web:compile REngine-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RadioFieldSet.js MD5: 355640cc02121fa73805f43ad1e2abf8 SHA1: 064023a56cdc6dc79d77cf768b2e213daa0800ac SHA256:ec218ecb86db3fe97e9c4a5493f3615398864f2c30672c7702535f0711acf337 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
RelationCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/annotation/RelationCombo.js MD5: 2c009d6972b75b4a60d1e246b75d9f28 SHA1: f12f18dbb2abc52a7bfdb301a639c17e9d7f0ff5 SHA256:d4a85d50e7a441d78760c1592145e6595220b53e1888be39b9f093cd0e205470 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
Renderers.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/Renderers.js MD5: a88dab506bd6c340d82711e2a7fd6680 SHA1: 1cc946ce4a7048edf85a3041fc52866053964cd6 SHA256:736d40648ebf504e82becf7454da63854ef2a6be07a8ad3c0db98b4b01f77002 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
RowActions.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowActions.js MD5: d504180c7f78439725e2dfec52ef82e5 SHA1: 005a4768ebd3e26b7a02c20f26da29a30e3741a2 SHA256:80fdfe4c8b9343255aebfb21b66def6054f1238165f46076e8b7a065bffce7a9 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
RowExpander.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/RowExpander.js MD5: 95aef6ba8076867670a89d1f3eeaf6aa SHA1: 03f1c7163c26b8be443930b250c3a57626b70c33 SHA256:6ccba7f20891cf1e1b66bf5f10ec1380a71fc6ea51a8fd3e02b864387bc44b3e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SearchField.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SearchField.js MD5: fc417876b52ebed5ad9032de9d083fe7 SHA1: c7de05a82e52468aba9d70c34731872745b08fa4 SHA256:05180c72e18c2304ef09c9075c8999ce674e532358066f1d2113f19d2d03d1ae Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SecurityManager.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/security/SecurityManager.js MD5: f58879834bca54c03619d4ec5154e825 SHA1: 6da96c39a1f8ce9342e4c3094d3c3d6e359adbd3 SHA256:6d11fad880e2055b7cd4af74f4c20676870542a3ff7c582791c01faa59f10798 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SequenceDetailsPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/SequenceDetailsPanel.js MD5: 1e9d55a4750bb62363e03d2209152b12 SHA1: 4b7ee80884055172d08b030e678d67b834738b4a SHA256:5f6e919be27d96fbbce55757c4108eceacf81b0c22fffebe5b98e99cb7f0af2b Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SessionBoundSetRegistrationUtils.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/analysisSearch/SessionBoundSetRegistrationUtils.js MD5: e755889ca1ce24a52ed81a77ea96f85f SHA1: 71548b44b082f289b93cb815e34972a6576c9b65 SHA256:d1b9b9ede8221ae6464056a4311a7784e1bf91625e31072d8e9019f7a30f485b Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SetPreview.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/SetPreview.js MD5: ad317ecad88fef6bc7b2e4267502a662 SHA1: 60480875367da6c67e7948f3fa9c07d5e1e94409 SHA256:dac678edd625fccf1b4f1da5762405237d5f0e1105e424eaa271453bb1a065f8 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SparseBitSet-1.3.jar
Description:
An efficient sparse bitset implementation for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar MD5: fbe27bb4c05e8719b7fff5aa71a57364 SHA1: 533eac055afe3d5f614ea95e333afd6c2bde8f26 SHA256:f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a Referenced In Project/Scope: Gemma Web:compile SparseBitSet-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/Spinner.js MD5: 5c098879cac2ac5017384d04c0d54244 SHA1: 9c3271bcec8dcd2b1021fd3cfe8e10e5adde001c SHA256:a8387b3d2c6e8c536b42a409517e09f65193c5423378e8180bdc7c743a2b6bf3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
SpinnerField.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/SpinnerField.js MD5: 0580f6b45db64bf9e6b623baec246671 SHA1: 934f845b823ef4170190c371c57fc0f864478529 SHA256:e90a11e23abc9122648c07ce4cdc4c306c58d7de791c690aa224e7c24021c113 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
StatefulRemoteCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/StatefulRemoteCombo.js MD5: 05c93f5bacb846dcfd30992a6d7aa0ef SHA1: 9fed1d65bb6075d7e84fa71e08f41a49f9101012 SHA256:b99a7744abd81a1477e63aae1fec080dc6b91429a7425bcad8c3242833ce436b Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
StatusBar.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/StatusBar.js MD5: 70719cb2ed60b4ec1f9928e7e47aa4e4 SHA1: abfcbc9109c4f093b6a1a7f30240f32300942103 SHA256:f35ad4b989ec8fa9b3ae321f765e79005102a03f57779d79e3b91c3edc105fc3 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
TaxonCombo.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/TaxonCombo.js MD5: 15a3cf9d2aab9fa551ef490b5f75b288 SHA1: 7b20bed043fa2cfdd43f6ce227dbdfa057aabf25 SHA256:32e99103bad6f8261f16fe3c2080be6ee4ad32058df7bd55ce58e6ca4b606911 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
TreeGrid.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/TreeGrid.js MD5: 46d0204bbbe3c50656a3214151d3c5a7 SHA1: 9530b6170dbe1e0c4ec15087905154bfa6e81497 SHA256:4dca3112c80d4c13c3622bd9ad4b5077a56065da8d15257a221e407c1e9b0f3e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
TutorialQtips.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/TutorialQtips.js MD5: 55831bb63854deafba123b3cd14897e4 SHA1: c1f10836de76537ce060073771ba104ec1afbe04 SHA256:e1ce14641e8eb619d7cd3c5fd77e1cdb6c1e79219fc9098cbd3df1dd524fa53d Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
UserExpressionDataUpload.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/UserExpressionDataUpload.js MD5: 11a7cbe9cecf943659b5218c7119a16a SHA1: e139ea814f918c392d1fcab6b8dcad1c00367742 SHA256:fd57b0be1cff16fd05c4f0ad3252f40aa37c47dba1a0164307e0510d8d722f9a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
VisualizationWidget.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/visualization/VisualizationWidget.js MD5: c09132609e6c522edaf9f226c6b7469c SHA1: 60e7cb69f5ad7b6e0cf163b9779c887f577b320c SHA256:15439bd700867c2f9b53443e0ad49cf07e7409ce1330403edecf76eaa4978d86 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
WizardTabPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanel.js MD5: 3d724e3ed37bad46960aeeac1687822f SHA1: 5e764ee0511ab022fe3368343a5414f45dbde5b0 SHA256:ba9f259f7baeb75c2aafd5b4a989c620af4d7b1b1e839b488bf50e8949d7af00 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
WizardTabPanelItemPanel.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/util/WizardTabPanelItemPanel.js MD5: 755b9a0695869fafde4057aeffab4500 SHA1: de68841c691ca6cf3bddf63c928bf979707711d9 SHA256:16cb4704568fa0317b610be4877a343d6b2de2dc2978c047150586f7ecf7f362 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
activation-1.1.jar
Description:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/jenkins/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar MD5: 8ae38e87cd4f86059c0294a8fe3e0b18 SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50 SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3 Referenced In Project/Scope: Gemma Web:runtime activation-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/all/1.1.2/all-1.1.2.pom MD5: b60dd3450b3a8d030f4799dcb273f846 SHA1: f235011206ac009adad2d6607f222649aba5ca9e SHA256:cced6c7973b2f43c84944f21e45f292c94af566f1d6b45915264acb080dd6b67 all-1.1.2.pom is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
A set of annotations used for code inspection support and code documentation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar MD5: f4fb462172517b46b6cd90003508515a SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9 SHA256:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478 Referenced In Project/Scope: Gemma Web:compile annotations-13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
File Path: /home/jenkins/.m2/repository/org/apache/ant/ant/1.10.14/ant-1.10.14.jar MD5: 263e00d844d0e4efa54440ec5ed6362a SHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7 SHA256:4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671 Referenced In Project/Scope: Gemma Web:compile ant-1.10.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar MD5: f8f1352c52a4c6a500b597596501fc64 SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0 SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c Referenced In Project/Scope: Gemma Web:compile antlr-2.7.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
File Path: /home/jenkins/.m2/repository/org/antlr/antlr4-runtime/4.9.3/antlr4-runtime-4.9.3.jar MD5: 718f199bafa6574ffa1111fa3e10276a SHA1: 81befc16ebedb8b8aea3e4c0835dd5ca7e8523a8 SHA256:131a6594969bc4f321d652ea2a33bc0e378ca312685ef87791b2c60b29d01ea5 Referenced In Project/Scope: Gemma Web:compile antlr4-runtime-4.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar MD5: 04177054e180d09e3998808efa0401c7 SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8 SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08 Referenced In Project/Scope: Gemma Web:compile aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.security/spring-security-web@3.2.10.RELEASE
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.5.0-b32/aopalliance-repackaged-2.5.0-b32.jar MD5: 99809f55109881865ce8b47f03522fb6 SHA1: 6af37c3f8ec6f9e9653ec837eb508da28ce443cd SHA256:32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6 Referenced In Project/Scope: Gemma Web:compile aopalliance-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
aopalliance-repackaged
High
Vendor
jar
package name
aopalliance
Highest
Vendor
Manifest
bundle-docurl
http://www.oracle.com
Low
Vendor
Manifest
bundle-symbolicname
org.glassfish.hk2.external.aopalliance-repackaged
Medium
Vendor
pom
artifactid
aopalliance-repackaged
Highest
Vendor
pom
artifactid
aopalliance-repackaged
Low
Vendor
pom
groupid
org.glassfish.hk2.external
Highest
Vendor
pom
name
aopalliance version repackaged as a module
High
Vendor
pom
name
aopalliance version ${aopalliance.version} repackaged as a module
High
Vendor
pom
parent-artifactid
external
Low
Vendor
pom
parent-groupid
org.glassfish.hk2
Medium
Product
file
name
aopalliance-repackaged
High
Product
jar
package name
aopalliance
Highest
Product
Manifest
bundle-docurl
http://www.oracle.com
Low
Product
Manifest
Bundle-Name
aopalliance version 1.0 repackaged as a module
Medium
Product
Manifest
bundle-symbolicname
org.glassfish.hk2.external.aopalliance-repackaged
Medium
Product
pom
artifactid
aopalliance-repackaged
Highest
Product
pom
groupid
org.glassfish.hk2.external
Highest
Product
pom
name
aopalliance version repackaged as a module
High
Product
pom
name
aopalliance version ${aopalliance.version} repackaged as a module
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/scriptsnonjawr/arbor.js MD5: cbc3d8f56ca5f506253729e079d41814 SHA1: 55105233417b8dbe5834c4dbb9b7cf441c4fc78d SHA256:73dec7a9cf90ba345b5d7eaf5977cac5d840f75ecc96fa25bf1b3717a55daf5e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
arpack_combined_all-0.1.jar
Description:
Java APIs for the BLAS, LAPACK, and ARPACK Fortran libraries as translated through F2J.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/jenkins/.m2/repository/net/sourceforge/f2j/arpack_combined_all/0.1/arpack_combined_all-0.1.jar MD5: 83d82dd480da2aeba6429e746453ec0b SHA1: 225619a060b42605b4d9fd4af11815664abf26eb SHA256:9964fb948ef213548a79b23dd480af9d72f1450824fa006bbfea211ac1ffa6dc Referenced In Project/Scope: Gemma Web:compile arpack_combined_all-0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/entities/platform/arrayDesign.js MD5: fe07fa83e948c48058c2c8e7cdc6f9e2 SHA1: 82d014c7acd27de5012aadf5add09236a4926157 SHA256:6ee84b0b12f90c3630722add4b16d83f391f59949b57c972ec993f231e5087e0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
asm-all-repackaged-2.5.0-b32.jar
Description:
org.objectweb.asm.all version repackaged as a module
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/asm-all-repackaged/2.5.0-b32/asm-all-repackaged-2.5.0-b32.jar MD5: b7710f0109a9aca153b48fa5474b8a9d SHA1: dc705f1d54cd5a96cbc5a473525e75ef1cb59a9e SHA256:83bd18063fefc7a6352539fde4e3fc7a0ec13734e17f8b787dc1bff5d426820c Referenced In Project/Scope: Gemma Web:compile asm-all-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/jenkins/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar MD5: f2edbc088126174a11b68279bd26c6eb SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612 SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78 Referenced In Project/Scope: Gemma Web:compile aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Data structures, math and statistics tools, and utilities that are often needed across projects.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/baseCode/baseCode/1.1.23/baseCode-1.1.23.jar MD5: 209fa8b43a8f35843c2dd2657508a350 SHA1: 3d762955f197c680df14a7189201e979bbfa1a59 SHA256:26ac5054f781f5666e96c056f88ccd1e227e90f163bc36b04b48d32ba9ff9fbd Referenced In Project/Scope: Gemma Web:compile baseCode-1.1.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/class-model/2.5.0-b32/class-model-2.5.0-b32.jar MD5: b995e20985e420e7bce29be5a35d7aeb SHA1: 017f054f3e91898c0c0fc52163ad904b13c24e8b SHA256:9a4d6e54e48bf71f7669cae5e10277b3dbc438d29c48730c778725a121df8d64 Referenced In Project/Scope: Gemma Web:compile class-model-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
The uber-fast, ultra-lightweight classpath and module scanner for JVM languages.
License:
The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /home/jenkins/.m2/repository/io/github/classgraph/classgraph/4.8.165/classgraph-4.8.165.jar MD5: 184a77ae08192b53063aa42e540d2d4a SHA1: d7237a1fc235030b7b548eb3d671f714da01e50b SHA256:5258d9218fc6413f4d14218a5a6e784528e349f60f48883b77de74bb478ebafd Referenced In Project/Scope: Gemma Web:compile classgraph-4.8.165.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/color.js MD5: 8053f2b455f4e152c7beb931ed277c0a SHA1: d549d71752f82f5d019ba9c36d34ee31d89cb567 SHA256:f8d34601628fca74fbc9d14f14dd61d80a792e1e40b0abe318ebcd86b16fc96a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
colt-1.2.0.jar
File Path: /home/jenkins/.m2/repository/colt/colt/1.2.0/colt-1.2.0.jar MD5: f6be558e44de25df08b9f515b2a7ffee SHA1: 0abc984f3adc760684d49e0f11ddf167ba516d4f SHA256:e1fcbfbdd0d0caedadfb59febace5a62812db3b9425f3a03ef4c4cbba3ed0ee3 Referenced In Project/Scope: Gemma Web:compile colt-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The Apache Commons Codec component contains encoder and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /home/jenkins/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862 SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4 Referenced In Project/Scope: Gemma Web:compile commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar MD5: 4a37023740719b391f10030362c86be6 SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8 SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1 Referenced In Project/Scope: Gemma Web:compile commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-configuration2/2.8.0/commons-configuration2-2.8.0.jar MD5: 4bb1f1ad26727cf5966554cb6b9eb073 SHA1: 6a76acbe14d2c01d4758a57171f3f6a150dbd462 SHA256:e5c46e4b0b1acddbc96651838c19d3df70da92dfb5107a6e4c42cb92d3a300bd Referenced In Project/Scope: Gemma Web:compile commons-configuration2-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29131 for details
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29133 for details
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-csv/1.11.0/commons-csv-1.11.0.jar MD5: 670327702ca6f22103531d20d140bc9e SHA1: 8f2dc805097da534612128b7cdf491a5a76752bf SHA256:b697fe3f94cfc4f7e2a87bddf78d15cd10d8c86cbe56ae9196a62d6edbf6b76d Referenced In Project/Scope: Gemma Web:compile commons-csv-1.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar MD5: e57ac8a1a6412886a133a2fa08b89735 SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3 SHA256:51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14 Referenced In Project/Scope: Gemma Web:compile commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
File Path: /home/jenkins/.m2/repository/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar MD5: 456245a3b1b49eb51c57d037acebfefc SHA1: d6364bcc1b2b2aa69d008602d36a700453648560 SHA256:310c8ad76748ee7af743465304533406dc2e70464ce04c7cd410caddd2747bf9 Referenced In Project/Scope: Gemma Web:compile commons-httpclient-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/rome/rome-fetcher@1.0
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar MD5: ed8191a5a217940140001b0acfed18d9 SHA1: 377d592e740dc77124e0901291dbfaa6810a200e SHA256:f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f Referenced In Project/Scope: Gemma Web:compile commons-io-2.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar MD5: 4d5c1693079575b362edf41500630bbd SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2 SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c Referenced In Project/Scope: Gemma Web:compile commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@0.8.1
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c Referenced In Project/Scope: Gemma Web:compile commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.3.2/commons-logging-1.3.2.jar MD5: 4b970f3b14a5e53d8e8edff1cf2ecd91 SHA1: 3dc966156ef19d23c839715165435e582fafa753 SHA256:6b858424f518015f32bfcd1183a373f4a827d72d026b6031da0c91cf0e8f3489 Referenced In Project/Scope: Gemma Web:compile commons-logging-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar MD5: 4374238076ab08e60e0d296234480837 SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322 SHA256:33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35 Referenced In Project/Scope: Gemma Web:compile commons-logging-api-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar MD5: 5b730d97e4e6368069de1983937c508e SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308 Referenced In Project/Scope: Gemma Web:compile commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/commons-net/commons-net/3.10.0/commons-net-3.10.0.jar MD5: 84511bcbcbd37725fd1a53360e0c3fd6 SHA1: 86762ea0ac98fd41c91745a32d496a985e2bd5e7 SHA256:2230eec44ef4b8112ea09cbeb6de826977abe792e627cee2770e35ca8c39dce1 Referenced In Project/Scope: Gemma Web:compile commons-net-3.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
and manipulating text that should be of use in a Java environment.
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar MD5: 544add6fbc8d4b100b07c3692d08099e SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6 SHA256:de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f Referenced In Project/Scope: Gemma Web:compile commons-text-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: /home/jenkins/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar MD5: f29b9d930d3426ebc56919eba10fbd4d SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c SHA256:12639def9a5b5ebf56040ab764bd42b7e662523d3b983e5d5da04bf37be152f9 Referenced In Project/Scope: Gemma Web:compile concurrent-1.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/colt/colt@1.2.0
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/config-types/2.5.0-b32/config-types-2.5.0-b32.jar MD5: 6ad3a1e788c84830ffc2f3a4454ce5ee SHA1: 686bbe7f80b1b879d64c06bc6606c97721a795f2 SHA256:21b4c91cfe7f3a78802fe1c63fbe738a664e1ba21ee29177442ff2c75b798d7b Referenced In Project/Scope: Gemma Web:compile config-types-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/core/1.1.2/core-1.1.2.jar MD5: ab845840ad73fa2ec1a5025a7c48b97e SHA1: 574b480eca62f535fad6d259e144fee3ef24b66e SHA256:5ffaddee0a3f8d09a56064aa05feb95837ddad9d42d9dcc37479c66e869aa139 Referenced In Project/Scope: Gemma Web:compile core-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/org/dom4j/dom4j/2.1.4/dom4j-2.1.4.jar MD5: 8246840e53db2781ca941e4d3f9ad715 SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b SHA256:235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591 Referenced In Project/Scope: Gemma Web:runtime dom4j-2.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript.
It gets rid of almost all the boiler plate code between the web browser and your Java code.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/directwebremoting/dwr/2.0.11-RELEASE/dwr-2.0.11-RELEASE.jar MD5: 9c4f14c69b863e43632f8db41cbb71c3 SHA1: 4b8d5615d93c575909f5936098c5a7bd3c7b17bb SHA256:3edaf099cabe669b994d54fe2ade38028c60bbb87e88530ebbfccecc3acbd741 Referenced In Project/Scope: Gemma Web:compile dwr-2.0.11-RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/dwrServices.js MD5: b60c638ea7b4e60d5fe2a76a74961fe7 SHA1: 7bd76fe792d1cf3551b45115f718aa525bcab055 SHA256:d5cf0e76ed46ceba2e0a1fb1f8a0fc558573a8cbd3b5e4160c4255a40717c48c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
editUser.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/editUser.js MD5: 2a7304609a58dcc17cf6b5334ed555bf SHA1: 30023f3d49d21d980815e88c9a848798b9c05f84 SHA256:ef52ebeaf242022df29b3357b7551077d3bf0ce68167cac7917d9e9b09725112 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
eeDataFetch.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/eeDataFetch.js MD5: 0b934b860d52e2147f619f687d7461a0 SHA1: bdaa1780ace60bbc2c9ff3c411106cfaeb65e387 SHA256:b9aeee41e23739c52ce3a5177dc6a811ffc3e7c78736dd28396a88a5b474314e Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
eeDesignMatrix.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/eeDesignMatrix.js MD5: a2ce64392117742ef610051ba961f212 SHA1: 2cad43a8714c169985fd1e9351ce2aafacb70281 SHA256:8076fb91554d39ce3554a687055065cc925c1b90015cbe14af63dccfe8ee3072 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
ehcache-core-2.4.3.jar
Description:
This is the ehcache core module. Pair it with other modules for added
functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /home/jenkins/.m2/repository/net/sf/ehcache/ehcache-core/2.4.3/ehcache-core-2.4.3.jar MD5: 9d4b1464a2fcbc16ae46740669a0dab8 SHA1: fd258ef6959f27fb678b04f90139ded4588e2d15 SHA256:9b93a12cda08e7ad4d567d2027d292e67ee726da0cbb330f5de0e90aeb1d3fd1 Referenced In Project/Scope: Gemma Web:compile ehcache-core-2.4.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/ext/extensions/extjs_fontawesome.js MD5: 34272480b735be0e8021aa81c9fb76f4 SHA1: 9f9f62ab8d753bf3a4c1e90095c0496e14cff05f SHA256:2798f1dff23a461616c46bdfdc8b75bbf5a645dcc8c3938fa959da9c7c705d75 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
flotr2.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/flotr2.js MD5: 506699edf51625bf90e639e766ad42a7 SHA1: c0a3c0ff56745f907bf63300e93576ee9d359816 SHA256:149d4c691d28a3fdffd30aa5f19e2b23fde7f097f0a5cca629c8dd244d9c4016 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
gemma-gsec-0.0.16.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/pavlab/gemma-gsec/0.0.16/gemma-gsec-0.0.16.jar MD5: f28b6a8bd682b7e4806493f9e2328f7c SHA1: 40e5cd542c29de0474c151076c9f604c866a3a9f SHA256:4ff346e56a7de22605181eb5b05c2445840b62644b376d0ace3adc081f13e650 Referenced In Project/Scope: Gemma Web:compile gemma-gsec-0.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar MD5: df6097815738cb31fc56391553210843 SHA1: b3add478d4382b78ea20b1671390a858002feb6c SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593 Referenced In Project/Scope: Gemma Web:compile gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/faces/helvetiker-normal-normal.js MD5: 40013a32b6b084c2e5c477d4c6ad26bf SHA1: 265615d33fb3f2ef7a7920e7fc7e647be865161a SHA256:0020f8eb7a35548916af97759ead2ba529c59fb0daec4706376d539f4a6e3031 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
hibernate-commons-annotations-4.0.2.Final.jar
Description:
Common reflection code used in support of annotation processing
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/jenkins/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.2.Final/hibernate-commons-annotations-4.0.2.Final.jar MD5: 916d4ddfb26db16da75ee8f973fd08ad SHA1: 0094edcc5572efb02e123cc9ef7ad7d0fa5f76cf SHA256:ae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ec Referenced In Project/Scope: Gemma Web:compile hibernate-commons-annotations-4.0.2.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar MD5: 492567c1f36fb3a5968ca2d3c452edaf SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81 SHA256:7c33583de97e42b95c530e7e4752efbdbd46a566f7708ff0e8cf490203db74e3 Referenced In Project/Scope: Gemma Web:compile hibernate-core-4.2.21.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: /home/jenkins/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar MD5: d7e7d8f60fc44a127ba702d43e71abec SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b SHA256:bacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb3 Referenced In Project/Scope: Gemma Web:compile hibernate-jpa-2.0-api-1.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
the core of the Object/Lucene mapper, query engine and index management
File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-engine/4.4.6.Final/hibernate-search-engine-4.4.6.Final.jar MD5: 9e9d56601b801f8d22a95f93aa14b599 SHA1: b3395324b7a3ff069ceae3f929805859b6f78cd4 SHA256:c4b6df8b2045f512f65559ad0a0ad370f8dc2a41a1854142c0a826cd3f30d86c Referenced In Project/Scope: Gemma Web:compile hibernate-search-engine-4.4.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-search-orm/4.4.6.Final/hibernate-search-orm-4.4.6.Final.jar MD5: 211a4877ef941c8f754e22f049076b27 SHA1: 306bbf61e5c9d5e807cf178f20de09ce65bf088d SHA256:62703d15aa0d11376b263e0d25abdbc25242975c62260f1795d0eae8ba6990b0 Referenced In Project/Scope: Gemma Web:compile hibernate-search-orm-4.4.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2/2.5.0-b32/hk2-2.5.0-b32.jar MD5: 31e1db921be02e0d5af049306502e730 SHA1: 0c3accae585955e49c771d464899e906ecc9ffb4 SHA256:544704ba09f01b7079b4280c9f45c73221693e37f3f3de77953d53cbe8c3b4dc Referenced In Project/Scope: Gemma Web:compile hk2-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-api/2.5.0-b32/hk2-api-2.5.0-b32.jar MD5: 93322931c4ec277c5190c7cddf7ad155 SHA1: 6a576c9653832ce610b80a2f389374ef19d96171 SHA256:b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2 Referenced In Project/Scope: Gemma Web:compile hk2-api-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-config/2.5.0-b32/hk2-config-2.5.0-b32.jar MD5: 6ea901d4ede7a568fda9c3b91bebc648 SHA1: dce05ac4225dbc0c1c382ad02e3b5bee51f0168a SHA256:7aa82ea0bfbfe68959473414a5cb12b3a3a288795f18b1187043ae9b953e81c3 Referenced In Project/Scope: Gemma Web:compile hk2-config-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-core/2.5.0-b32/hk2-core-2.5.0-b32.jar MD5: 9b0ee99635dcb6e04100698d4f805c90 SHA1: 8cb6a8a9522ec523b7740d29f555bdbe9d936af2 SHA256:ad86f38c17d4c0d2d4b7972ef64ae92383beb5751f05ddf8fe98da574f8412e1 Referenced In Project/Scope: Gemma Web:compile hk2-core-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-locator/2.5.0-b32/hk2-locator-2.5.0-b32.jar MD5: 5baf0f144cf8552a9fe476b096fc18a7 SHA1: 195474f8ad0a8d130e9ea949a771bcf1215fc33b SHA256:27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492 Referenced In Project/Scope: Gemma Web:compile hk2-locator-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar MD5: acc873aece4f8e89814ac0300b549e3e SHA1: 5108a926988c4ceda7f1e681dddfe3101454a002 SHA256:3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e Referenced In Project/Scope: Gemma Web:compile hk2-utils-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar MD5: 2cb357c4b763f47e58af6cad47df6ba3 SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98 SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6 Referenced In Project/Scope: Gemma Web:compile httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar MD5: 28d2cd9bf8789fd2ec774fb88436ebd1 SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850 SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f Referenced In Project/Scope: Gemma Web:compile httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/indexer.js MD5: aa46495eb50f856ea75dd9dc9d6b5f06 SHA1: 4d19636b27bb87f29566f89e7fae303aa16ed93a SHA256:a6fecbf5e9c99da2e5026de23a249419d5d63728e438c233e48936557b01c61a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
jackson-core-2.17.1.jar
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.1/jackson-core-2.17.1.jar MD5: 9363584821290882417f1c3ceab784df SHA1: 5e52a11644cd59a28ef79f02bddc2cc3bab45edb SHA256:ddb26c8a1f1a84535e8213c48b35b253370434e3287b3cf15777856fc4e58ce6 Referenced In Project/Scope: Gemma Web:compile jackson-core-2.17.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.1/jackson-databind-2.17.1.jar MD5: f0a1c37dc7d937f14e183d84f15c0f83 SHA1: 0524dcbcccdde7d45a679dfc333e4763feb09079 SHA256:b6ca2f7d5b1ab245cec5495ec339773d2d90554c48592590673fb18f4400a948 Referenced In Project/Scope: Gemma Web:compile jackson-databind-2.17.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.16.2/jackson-dataformat-yaml-2.16.2.jar MD5: 195173d37b475172610d4830fb66e506 SHA1: 13088f6762211f264bc0ebf5467be96d8e9e3ebf SHA256:df33f4dd29f975600d3ac2e7c891ef7a9bce33f0715680df479c63a44ddc8fa9 Referenced In Project/Scope: Gemma Web:compile jackson-dataformat-yaml-2.16.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.16.2/jackson-datatype-jsr310-2.16.2.jar MD5: 17b881ce122838518321585edd2e8586 SHA1: 58e86108e4b1b1e893e7a69b1bbca880acfca143 SHA256:9d03ad6d47b5f9951b75fb0cae0760156fa827794730cd5ef6cd79d3785cc9c0 Referenced In Project/Scope: Gemma Web:compile jackson-datatype-jsr310-2.16.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.8.4/jackson-jaxrs-base-2.8.4.jar MD5: a4f28b06972a3a1228f00d391a78c528 SHA1: 6c0ceb3c9fed2e225b0cc2a45533574df393f606 SHA256:f33eebc483f6f23a3afb160a5d0199aa9e932f0bd554a2f04ad0e26b3d80e2dc Referenced In Project/Scope: Gemma Web:compile jackson-jaxrs-base-2.8.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.8.4/jackson-jaxrs-json-provider-2.8.4.jar MD5: 1d6803bb4c746d7dc561805d31e831b1 SHA1: 839366ece31829a19cb15719b2b54a3f9f91148d SHA256:27e4110361836b62e3fdb8909e058518ef2f0e208ee744b4daf4ce2d644726c7 Referenced In Project/Scope: Gemma Web:compile jackson-jaxrs-json-provider-2.8.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.8.4/jackson-module-jaxb-annotations-2.8.4.jar MD5: 2f72f2cfedb7f9db842ca4b3cdd4a97a SHA1: d2eec7cf6c4284f7d5f0b1a72dc7cfa9d6bb579d SHA256:07fa24560b69913166d584eb4806e09515e6dd5f2a6858defa1239119466c790 Referenced In Project/Scope: Gemma Web:compile jackson-module-jaxb-annotations-2.8.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar MD5: 0b8bee3bf29b9a015f8b992035581a7c SHA1: 74548703f9851017ce2f556066659438019e7eb5 SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a Referenced In Project/Scope: Gemma Web:runtime jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
Provides the API for creating and building SOAP messages.
License:
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/jenkins/.m2/repository/jakarta/xml/soap/jakarta.xml.soap-api/1.4.2/jakarta.xml.soap-api-1.4.2.jar MD5: d19eb8a4a5401296985db733868425e0 SHA1: 4f71fa8ca30be4d04ba658339df3c927fa21209a SHA256:0b2e9db574869c09b18e7fe87482be2e4e14b3f3cc8207646595806eede77706 Referenced In Project/Scope: Gemma Web:runtime jakarta.xml.soap-api-1.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.30.2-GA/javassist-3.30.2-GA.jar MD5: f5b827b8ddec0629cc7a6d7dafc45999 SHA1: 284580b5e42dfa1b8267058566435d9e93fae7f7 SHA256:eba37290994b5e4868f3af98ff113f6244a6b099385d9ad46881307d3cb01aaf Referenced In Project/Scope: Gemma Web:runtime javassist-3.30.2-GA.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
File Path: /home/jenkins/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16 SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393 Referenced In Project/Scope: Gemma Web:compile javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar MD5: 75fe320d2b3763bd6883ae1ede35e987 SHA1: 479c1e06db31c432330183f5cae684163f186146 SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04 Referenced In Project/Scope: Gemma Web:compile javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b32/javax.inject-2.5.0-b32.jar MD5: b7e8633eb1e5aad9f44a37a3f3bfa8f5 SHA1: b2fa50c8186a38728c35fe6a9da57ce4cc806923 SHA256:437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed Referenced In Project/Scope: Gemma Web:compile javax.inject-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
javax.inject
High
Vendor
jar
package name
inject
Highest
Vendor
jar
package name
javax
Highest
Vendor
Manifest
bundle-docurl
http://www.oracle.com
Low
Vendor
Manifest
bundle-symbolicname
org.glassfish.hk2.external.javax.inject
Medium
Vendor
pom
artifactid
javax.inject
Highest
Vendor
pom
artifactid
javax.inject
Low
Vendor
pom
groupid
org.glassfish.hk2.external
Highest
Vendor
pom
name
javax.inject: as OSGi bundle
High
Vendor
pom
name
javax.inject:${javax-inject.version} as OSGi bundle
High
Vendor
pom
parent-artifactid
external
Low
Vendor
pom
parent-groupid
org.glassfish.hk2
Medium
Product
file
name
javax.inject
High
Product
jar
package name
inject
Highest
Product
jar
package name
javax
Highest
Product
Manifest
bundle-docurl
http://www.oracle.com
Low
Product
Manifest
Bundle-Name
javax.inject:1 as OSGi bundle
Medium
Product
Manifest
bundle-symbolicname
org.glassfish.hk2.external.javax.inject
Medium
Product
pom
artifactid
javax.inject
Highest
Product
pom
groupid
org.glassfish.hk2.external
Highest
Product
pom
name
javax.inject: as OSGi bundle
High
Product
pom
name
javax.inject:${javax-inject.version} as OSGi bundle
File Path: /home/jenkins/.m2/repository/com/sun/mail/javax.mail/1.6.2/javax.mail-1.6.2.jar MD5: 0b81d022797740d72d21620781841374 SHA1: 935151eb71beff17a2ffac15dd80184a99a0514f SHA256:45b515e7104944c09e45b9c7bb1ce5dff640486374852dd2b2e80cc3752dfa11 Referenced In Project/Scope: Gemma Web:runtime javax.mail-1.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/jenkins/.m2/repository/javax/resource/javax.resource-api/1.7.1/javax.resource-api-1.7.1.jar MD5: 41f26638ff807ef37845d6d89ef0e694 SHA1: f86b4d697ecd992ec6c4c6053736db16d41dc57f SHA256:c75bd698263abd9c8c773e3b433a4da2c983fbc92a0a4ef5fc3286e62f41e411 Referenced In Project/Scope: Gemma Web:compile javax.resource-api-1.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /home/jenkins/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar MD5: 6e9cb1684621821248b6823143ae26c0 SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da Referenced In Project/Scope: Gemma Web:compile javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/javax.resource/javax.resource-api@1.7.1
File Path: /home/jenkins/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar MD5: edcd111cf4d3ba8ac8e1f326efc37a17 SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d Referenced In Project/Scope: Gemma Web:compile javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Javascript/CSS bundling and compressing tool for java web apps.
By using jawr resources are automatically bundled together and optionally minified and gzipped.
Jawr provides tag libraries to reference a generated bundle either by id or by using the name of any of its members.
File Path: /home/jenkins/.m2/repository/net/jawr/jawr-core/3.9/jawr-core-3.9.jar MD5: f7615f9921db47ae876992bc36dc9c08 SHA1: ec6f341cf39fca76a16b4bfde3a0afe3ff434490 SHA256:a81958004d12f4f2d68aa5594ba9a0415e808e3e2b85695eeddaacfdb03ff60a Referenced In Project/Scope: Gemma Web:compile jawr-core-3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/net/jawr/extensions/jawr-dwr2.x-extension/3.9/jawr-dwr2.x-extension-3.9.jar MD5: dba4f13687996017c0b5b3ea081d1f73 SHA1: 189505de6950cf9b6d7c6a9ab396e7b9539ea82e SHA256:5b42e2ce185b283a2a3c8e7b97822e535c75e292af37f85fb83c6f88d8ddd0d3 Referenced In Project/Scope: Gemma Web:runtime jawr-dwr2.x-extension-3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar MD5: bcf270d320f645ad19f5edb60091e87f SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06 Referenced In Project/Scope: Gemma Web:compile jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/jboss/jboss-ejb3x/4.2.2.GA/jboss-ejb3x-4.2.2.GA.jar MD5: d16f3d4ae032297b792b42f54879eeb0 SHA1: b11f499d19a6346b1446146307131ec901081bfd SHA256:17a8db82cd60b9336adc3d13eacc5cf2aaf85f821338503cecad1875e0f6e64c Referenced In Project/Scope: Gemma Web:compile jboss-ejb3x-4.2.2.GA.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: /home/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.1.0.GA/jboss-logging-3.1.0.GA.jar MD5: 735bcea3e47fd715900cfb95ec68b50f SHA1: c71f2856e7b60efe485db39b37a31811e6c84365 SHA256:dea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353e Referenced In Project/Scope: Gemma Web:compile jboss-logging-3.1.0.GA.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /home/jenkins/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.1_spec/1.0.1.Final/jboss-transaction-api_1.1_spec-1.0.1.Final.jar MD5: 679cd909d6130e6bf467b291031e1e2d SHA1: 18f0e1d42f010a8b53aa447bf274a706d5148852 SHA256:d9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd100723 Referenced In Project/Scope: Gemma Web:compile jboss-transaction-api_1.1_spec-1.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.hibernate/hibernate-core@4.2.21.Final
File Path: /home/jenkins/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar MD5: 0b8f97de82fc9529b1028a77125ce4f8 SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02 Referenced In Project/Scope: Gemma Web:compile jdom-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/rome/rome@1.0
Jena is a Java framework for building Semantic Web applications. It provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine.
File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-core/2.13.0/jena-core-2.13.0.jar MD5: 21d03d936cee3e62c22978cb73115a28 SHA1: 74f2536cd41a23892acd1ef4c016bed29c81994c SHA256:5423ddf5ca2541311aadad2301743522e52bf86645fbaacc47e3a992aa9bef59 Referenced In Project/Scope: Gemma Web:compile jena-core-2.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CWE-611 Improper Restriction of XML External Entity Reference
The IRI module provides an implementation of the IRI and URI specifications (RFC 3987 and 3986) which are used across Jena in order to comply with relevant W3C specifications for RDF and SPARQL which require conformance to these specifications.
File Path: /home/jenkins/.m2/repository/org/apache/jena/jena-iri/1.1.2/jena-iri-1.1.2.jar MD5: eca2119771d9114c440014045cbe216b SHA1: 533fb3ae5e839c84227688e7c92c946131d6886e SHA256:6ecb4f137f9495cedf6ac5ea799905106955092905996c5674989958c12d6d94 Referenced In Project/Scope: Gemma Web:compile jena-iri-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-common/2.25.1/jersey-common-2.25.1.jar MD5: d1f25f421cafb38efb49e2fef0799339 SHA1: 2438ce68d4907046095ab54aa83a6092951b4bbb SHA256:4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f Referenced In Project/Scope: Gemma Web:compile jersey-common-2.25.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
CWE-378 Creation of Temporary File With Insecure Permissions
File Path: /home/jenkins/.m2/repository/org/glassfish/jersey/core/jersey-server/2.25.1/jersey-server-2.25.1.jar MD5: 92dad916eab7a19c5398838a78ee9cab SHA1: 276e2ee0fd1cdabf99357fce560c5baab675b1a2 SHA256:4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae Referenced In Project/Scope: Gemma Web:compile jersey-server-2.25.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
JFreeChart is a class library, written in Java, for generating charts.
Utilising the Java2D API, it supports a wide range of chart types including
bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
and more.
License:
GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/jenkins/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar MD5: 36e760314d688997c7e5ad135a3efc44 SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4 SHA256:cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81 Referenced In Project/Scope: Gemma Web:compile jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
File Path: /home/jenkins/.m2/repository/com/github/fommil/jniloader/1.1/jniloader-1.1.jar MD5: a9f5b7619b4329c6b6588a5d25164949 SHA1: 4840f897eeb54d67ee14e478f8a45cc9937f3ce1 SHA256:2f1def54f30e1db5f1e7f2fd600fe2ab331bd6b52037e9a21505c237020b5573 Referenced In Project/Scope: Gemma Web:compile jniloader-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-cxtmenu/jquery.cytoscape.js-cxtmenu.js MD5: 0876a6218b07b8ee459cc8bed54a85ca SHA1: 5c7ea2fdc1a94ef50afe204fcaf981bd94c07c48 SHA256:28448d439ef8de38dbf91526e4877b4818a01a3d23235d5f682afde3a7ac9607 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
jquery.cytoscape.js-panzoom.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/cytoscapejs/cytoscape.js-panzoom/jquery.cytoscape.js-panzoom.js MD5: e557936bdee55d04703298f8d048b481 SHA1: 7a3f399fa1cfb840067f561cc488180063137560 SHA256:93332a91fc3eaf6ba89e5d0b2b6e409a1fbb0473fef93cb7fb28da811145422c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
jquery.jshowoff.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.jshowoff.js MD5: 3f8b169be1571502e5e2fdaa3fc7ff1c SHA1: a7ed3c3f753a702546a38b59b8c0df654589647c SHA256:4efe2348651fc25f191fec24f7e41bab9821e5c5e59e4154a7fe64f6e9dc5fdf Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
jquery.qtip.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.qtip.js MD5: c2063fb73e8498b14d98b7ed1ebbfba9 SHA1: c7135dbde869c2f1a8b904e997ea6e131d9c7d7c SHA256:7268b880abe4387cf6a93889b643ed3578a1683babb5116ecd7a5f48cdb27194 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
jquery.sparkline.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/jquery.sparkline.js MD5: 928592f222218fff51ad5020b4a7f69d SHA1: 8b43e4a7f7116a00146dc18eec06947bb62ac1c1 SHA256:fac66d92386c229eaf21e7a29d7c1cd949eac8d339e31112fae7e650bfaecbe5 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
json-20231013.jar
Description:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There are a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /home/jenkins/.m2/repository/org/json/json/20231013/json-20231013.jar MD5: 1a0702c57783ce9e948252c34644f328 SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52 SHA256:0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3 Referenced In Project/Scope: Gemma Web:compile json-20231013.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: Gemma Web:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.8.21/kotlin-stdlib-1.8.21.jar MD5: e4424cf44b4f8f7cd1517eafdda2f6a7 SHA1: 43d50ab85bc7587adfe3dda3dbe579e5f8d51265 SHA256:042a1cd1ac976cdcfe5eb63f1d8e0b0b892c9248e15a69c8cfba495d546ea52a Referenced In Project/Scope: Gemma Web:compile kotlin-stdlib-1.8.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.9.10/kotlin-stdlib-common-1.9.10.jar MD5: de4024a53c843e959f2d50ecd1f0e951 SHA1: dafaf2c27f27c09220cee312df10917d9a5d97ce SHA256:cde3341ba18a2ba262b0b7cf6c55b20c90e8d434e42c9a13e6a3f770db965a88 Referenced In Project/Scope: Gemma Web:compile kotlin-stdlib-common-1.9.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.23.1/log4j-core-2.23.1.jar MD5: 34fad2df975cf874a2fdf4b797122f16 SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d SHA256:7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5 Referenced In Project/Scope: Gemma Web:compile log4j-core-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.23.1/log4j-slf4j-impl-2.23.1.jar MD5: c5a27e08e18600d379d0ca72d71838b8 SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2 SHA256:210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91 Referenced In Project/Scope: Gemma Web:runtime log4j-slf4j-impl-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /home/jenkins/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar MD5: 56e9be7b9a26802ac0c784ad824f3a29 SHA1: 17d46b3e205515e1e8efd3ee4d57ce8018914163 SHA256:97574674e2a25f567a313736ace00df8787d443de316407d57fc877d9f19a65d Referenced In Project/Scope: Gemma Web:compile lombok-1.18.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar MD5: 13f8241b6991bd1349c05369a7c0f002 SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993 SHA256:82f9f78ff2143f1895ac04500aa47fdac3c52632a08522dde7dbb0f0c082801f Referenced In Project/Scope: Gemma Web:compile lucene-analyzers-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar MD5: ee396d04f5a35557b424025f5382c815 SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47 SHA256:cef4436bae85c31417443284f736e321511cd1615268103378a9bf00b1df036d Referenced In Project/Scope: Gemma Web:compile lucene-core-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-facet/3.6.2/lucene-facet-3.6.2.jar MD5: c14d30cca1f61cfcc16678db730516f1 SHA1: 72ae9f9115c4beb5f3e32b71966723a10cf4c083 SHA256:62ad5faecbf0f2da93ce495395d432e02e7715accaa0c074c94ec760e9de60fa Referenced In Project/Scope: Gemma Web:compile lucene-facet-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-grouping/3.6.2/lucene-grouping-3.6.2.jar MD5: 14598baf52660d5a1f282791ce09cc70 SHA1: 77c16722fc1ab2a42634dde6478ed2662c0a061a SHA256:b1ac49babb6d325105b6646807d9abec97f3007a9bff581870e8f2b882d6dc10 Referenced In Project/Scope: Gemma Web:compile lucene-grouping-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-highlighter/3.6.2/lucene-highlighter-3.6.2.jar MD5: f75c4869b55c060e2a313f6416ee68cf SHA1: a90682c6bc0b9e105bd260c9a041fefea9579e46 SHA256:377b2ddcb7c902daf5dd3d22a1ff5b8da4ad6f7fd6c5e5da4731d17a8d935534 Referenced In Project/Scope: Gemma Web:compile lucene-highlighter-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-kuromoji/3.6.2/lucene-kuromoji-3.6.2.jar MD5: d8d1afc4ab28eee2f775e01b39808e78 SHA1: f117e4b867987406b26069bb0fbd889ace21badd SHA256:63f249909f29cf7b796a47a3816a72b30b2062ee37d2ce97942dfbc96e409bda Referenced In Project/Scope: Gemma Web:compile lucene-kuromoji-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
High-performance single-document index to compare against Query
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-memory/3.6.2/lucene-memory-3.6.2.jar MD5: 765143db9e68cf91ac1c2070a2db6769 SHA1: 11846819b2f661b229d6ce861bc857774c0c4cdb SHA256:d99058d68f4853457f47957a84b7a41078c3afd5a377735d82eaf4fc99f23415 Referenced In Project/Scope: Gemma Web:compile lucene-memory-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-misc/3.6.2/lucene-misc-3.6.2.jar MD5: eecbfe3cf5b047a9dab6933ee44f24d9 SHA1: 2e64f8dc9cc1df63f98426aa46aae0f5fe8cee13 SHA256:4f957c6489be9337178167c874074742e39e3b8ea10d8b83de79704415db1642 Referenced In Project/Scope: Gemma Web:compile lucene-misc-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-phonetic/3.6.2/lucene-phonetic-3.6.2.jar MD5: 9bca3c6ca60efa9cbeb097c9fc3f6d30 SHA1: 89268de870916789e041e676a2888c8a7d6e0ea2 SHA256:cc987497e66ba8c12970c080671247f029dadeb2d9ab7dae10363a6bb5430845 Referenced In Project/Scope: Gemma Web:compile lucene-phonetic-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-smartcn/3.6.2/lucene-smartcn-3.6.2.jar MD5: 3935444a27b519b8e11b411f81b53446 SHA1: e86dfea83d8fa5062145025c1f06ca27f9a49cab SHA256:e4f24de68ac692c11fa6c906653599f0c50445f65b8af84d44d27afeeb909735 Referenced In Project/Scope: Gemma Web:compile lucene-smartcn-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spatial/3.6.2/lucene-spatial-3.6.2.jar MD5: 85f76ee4b163cc6d13b36e225add5603 SHA1: 52e29032cfadec88dfe604257106ac038260b53b SHA256:53139893aec0b576f3816592dda7051595759b1848e776d93e5b6efdd8c6f14e Referenced In Project/Scope: Gemma Web:compile lucene-spatial-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar MD5: a4b684913f93aea76f5dbd7e479f19c5 SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24 SHA256:307bb7da7f19b30326ea0163d470597854964796cbfef56b8fc7f9b3241dc609 Referenced In Project/Scope: Gemma Web:compile lucene-spellchecker-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/lucene/lucene-stempel/3.6.2/lucene-stempel-3.6.2.jar MD5: 0c87d87198b314ff4afdb8a63c1a702e SHA1: a0b8b2e20fd04724fbbd6a67037f5a1a98feed72 SHA256:0b9dd990e3515e3f253eae4a6e614bf9c980c2e04211f6529a34b6c6d95b1dc8 Referenced In Project/Scope: Gemma Web:compile lucene-stempel-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/manageGroups.js MD5: c6824f670be28d880b178f8083994112 SHA1: f646fddf0f71df098e651541c2527995198b2cba SHA256:670d4c343a6780091589edf867b1f82262b7434f00b1afcebbd203501b17766a Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
metrics-core-4.2.25.jar
Description:
Metrics is a Java library which gives you unparalleled insight into what your code does in
production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
components in your production environment.
File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-core/4.2.25/metrics-core-4.2.25.jar MD5: f9476a4f1a8287f7a4a2af759c33e44a SHA1: 76162cb1f7a6f902da4f80e5bcf472078e8cd7e1 SHA256:8bc7de609a2816b78a7a5009bddf11be560ba527d44db74a0a31a6f44fdb5b5f Referenced In Project/Scope: Gemma Web:compile metrics-core-4.2.25.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
File Path: /home/jenkins/.m2/repository/io/dropwizard/metrics/metrics-jmx/4.2.25/metrics-jmx-4.2.25.jar MD5: b8ec52ac806adc0f8dcd3cbc855b9f42 SHA1: 8d57d9f33530fef4ed3489dc8d1351deb18d1f15 SHA256:6b6956f8eecc18b3712e266fccde58bc0844169e79214cea9d0f6dcc822ec714 Referenced In Project/Scope: Gemma Web:compile metrics-jmx-4.2.25.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-registry-jmx@1.13.0
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-commons/1.13.0/micrometer-commons-1.13.0.jar MD5: 92e95856a39f7b1319d1cb9131f1bfc5 SHA1: 156a59aff8d72c5e631eb4a2d739373ed5881609 SHA256:039aef255b5092561fdf649367fd0ff9af8da00aadb25f0c60cf30ebad8dceb8 Referenced In Project/Scope: Gemma Web:compile micrometer-commons-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0
Core module of Micrometer containing instrumentation API and implementation
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-core/1.13.0/micrometer-core-1.13.0.jar MD5: cc5834ef064a952d17392cbc0216d8c8 SHA1: d7ed656fbc54fde5a03d978fc0d66f270cc4a997 SHA256:1ced414878f151d08617b47732fa67a5d06b47b63903e2722f40e2294e883643 Referenced In Project/Scope: Gemma Web:compile micrometer-core-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-observation/1.13.0/micrometer-observation-1.13.0.jar MD5: 9a5c0482f47a2fb1b1f9812ae2e251d4 SHA1: 5aa75fbb4367dc3b28e557d14535d21335dc8985 SHA256:33e7c9de55ef34ae502a2ad6c4c9786563b6d44eca2cbd2b832911594b378858 Referenced In Project/Scope: Gemma Web:compile micrometer-observation-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.micrometer/micrometer-core@1.13.0
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/io/micrometer/micrometer-registry-jmx/1.13.0/micrometer-registry-jmx-1.13.0.jar MD5: ee24c9ffae39c0984582c5e68edba3ae SHA1: 61e1dfeafa02d4b057d8bdfd48092d44a9835f2c SHA256:521334321adb38bf27e2f818b7d02d34b6737930b186e186594873bf2c346299 Referenced In Project/Scope: Gemma Web:compile micrometer-registry-jmx-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/monitoring.js MD5: af5bcb015f11c02eb4742f63189a6f9c SHA1: 622a96320ac642e842cbeeddfbcdffb0432a639f SHA256:d049db88db5ac929a734a2dc4a9fba00f134013cd2222fe834409136691fb057 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
mtj-1.0.4.jar
Description:
A comprehensive collection of matrix data structures, linear solvers, least squares methods,
eigenvalue, and singular value decompositions.
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/jenkins/.m2/repository/com/googlecode/matrix-toolkits-java/mtj/1.0.4/mtj-1.0.4.jar MD5: 846c7a7311d492c6102afd23647f46cc SHA1: e14ed840ff5e15de92dba2d1af29201fa70a0f35 SHA256:27a53db335bc6af524b30f97ec3fb4b6df65e7648d70e752447c7dd9bc4697c8 Referenced In Project/Scope: Gemma Web:compile mtj-1.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /home/jenkins/.m2/repository/com/mysql/mysql-connector-j/8.4.0/mysql-connector-j-8.4.0.jar MD5: 2607d710106276083d26e6a1505948d7 SHA1: b1bc0f47bcad26ad5f9bceefb63fcb920d868fca SHA256:d77962877d010777cff997015da90ee689f0f4bb76848340e1488f2b83332af5 Referenced In Project/Scope: Gemma Web:compile mysql-connector-j-8.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
mysql-connector-j
High
Vendor
hint analyzer
vendor
oracle
Highest
Vendor
hint analyzer (hint)
vendor
sun
Highest
Vendor
jar
package name
cj
Highest
Vendor
jar
package name
driver
Highest
Vendor
jar
package name
jdbc
Highest
Vendor
jar
package name
mysql
Highest
Vendor
jar
package name
type
Highest
Vendor
Manifest
bundle-symbolicname
com.mysql.cj
Medium
Vendor
Manifest
Implementation-Vendor
Oracle
High
Vendor
Manifest
Implementation-Vendor-Id
com.mysql
Medium
Vendor
Manifest
specification-vendor
Oracle Corporation
Low
Vendor
Manifest (hint)
Implementation-Vendor
sun
High
Vendor
pom
artifactid
mysql-connector-j
Highest
Vendor
pom
artifactid
mysql-connector-j
Low
Vendor
pom
developer email
filipe.silva@oracle.com
Low
Vendor
pom
developer name
Filipe Silva
Medium
Vendor
pom
developer org
Oracle Corporation
Medium
Vendor
pom
developer org URL
https://www.oracle.com/
Medium
Vendor
pom
groupid
com.mysql
Highest
Vendor
pom
name
MySQL Connector/J
High
Vendor
pom
organization name
Oracle Corporation
High
Vendor
pom
organization url
https://www.oracle.com/
Medium
Vendor
pom
url
http://dev.mysql.com/doc/connector-j/en/
Highest
Product
file
name
mysql-connector-j
High
Product
hint analyzer
product
mysql_connector/j
Highest
Product
hint analyzer
product
mysql_connector_j
Highest
Product
hint analyzer
product
mysql_connectors
Highest
Product
jar
package name
cj
Highest
Product
jar
package name
driver
Highest
Product
jar
package name
jdbc
Highest
Product
jar
package name
mysql
Highest
Product
jar
package name
type
Highest
Product
jar
package name
xdevapi
Highest
Product
Manifest
Bundle-Name
Oracle Corporation's JDBC and XDevAPI Driver for MySQL
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_ref-java/1.1/native_ref-java-1.1.jar MD5: 1aac8a554c0a9b36340e8eba1c8a8ba9 SHA1: 408c71ffbc3646dda7bee1e22bf19101e5e9ee90 SHA256:120ca95d3a7b4646f44c3bcebdf7a149ec4f8cccf731a13bd84da103b836e236 Referenced In Project/Scope: Gemma Web:compile native_ref-java-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/native_system-java/1.1/native_system-java-1.1.jar MD5: 7244aab504c9fdce6c320498459b9432 SHA1: 3c6a2455f96b354a6940dce1393abb35ed7641da SHA256:2414fc6e29b73ba40e0df21ab9618e4f5dc5ac66aab32bd81ee213a68796155d Referenced In Project/Scope: Gemma Web:compile native_system-java-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-armhf/1.1/netlib-native_ref-linux-armhf-1.1-natives.jar MD5: e2ff3e665c6eea38eb975e2ecf1abaa7 SHA1: ec467162f74710fd8897cff6888534ceaf297d9a SHA256:1d9ff5c35a542f598bd8d01c12d838ac4f457beae528f0b1930f21c0bff3eaae Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-i686/1.1/netlib-native_ref-linux-i686-1.1-natives.jar MD5: 101fb0618fbf80d1392d9e6bf2eaa8e1 SHA1: eedd845b214aea560bce317d778ebb52f8f46038 SHA256:bf1dcc3b32a32bde8bd897b8c7da21cbd75b9febb89321a11b4f9a254aeb92ec Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-linux-x86_64/1.1/netlib-native_ref-linux-x86_64-1.1-natives.jar MD5: 950476b98b61793f045aab84f471fb96 SHA1: 05a3e5787d03c39790d5ae08cce189dd1ccc4a38 SHA256:f9034b22e89352ea1ba0c1edfb7529057c6b6acd651babb58839af19897e8ac0 Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-osx-x86_64/1.1/netlib-native_ref-osx-x86_64-1.1-natives.jar MD5: 38b6cb1ce53e3793c48e1d99848d1600 SHA1: 80da53ec862f283dc3b191b9dbd3166ea6671831 SHA256:fbe45f80be86fb809eb159b75ba45433cbba2b5fb6814758d1f15823b2b17438 Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-i686/1.1/netlib-native_ref-win-i686-1.1-natives.jar MD5: 5f94993d3cffa7a46fb3ac1f5c28afd8 SHA1: 167fb794a26cb0bfc74890c704c7137b1d5b50fd SHA256:0dcdc8348430365f7d912dcffb13d4c133810fbc3f3334123edb7c7f88990c5f Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_ref-win-x86_64/1.1/netlib-native_ref-win-x86_64-1.1-natives.jar MD5: d310ba2205a98b5d3219dbe1a66a0301 SHA1: 4ab54511c2844546279d9f8e427c73953b794686 SHA256:322a4d1a9cdfa284b1025b3d85c9ece18605be2caf795abfbaa366eb403fbf32 Referenced In Project/Scope: Gemma Web:compile netlib-native_ref-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-armhf/1.1/netlib-native_system-linux-armhf-1.1-natives.jar MD5: 09def97e97d35ff4be5692b3d33d4bfc SHA1: 27ae9f6a9c88b3f8d12ffa52d62941615f8ed416 SHA256:aab65e3a3f3f664496dc512bea38d5ece0723799770f2aa608a4f1410342cb96 Referenced In Project/Scope: Gemma Web:compile netlib-native_system-linux-armhf-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-i686/1.1/netlib-native_system-linux-i686-1.1-natives.jar MD5: 93769919423f7fd54ee2347784d2c9d3 SHA1: dd43225560dbd9115d306f9be3ca195aed236b78 SHA256:ecfd3c4e442411be9bc9aa74ea1b28b0fdf201dda00fe4559c68cde6e311520f Referenced In Project/Scope: Gemma Web:compile netlib-native_system-linux-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-linux-x86_64/1.1/netlib-native_system-linux-x86_64-1.1-natives.jar MD5: 39de4e1383f61881098e2e66cbb2b475 SHA1: 163e88facabe7fa29952890dc2d3429e28501120 SHA256:9a929390c8c4845a2bff01e7bc0d8381fcc89ebc147c037f877f02b19806d013 Referenced In Project/Scope: Gemma Web:compile netlib-native_system-linux-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-osx-x86_64/1.1/netlib-native_system-osx-x86_64-1.1-natives.jar MD5: ab50d62f2ffd44c4623d915ae11e0f37 SHA1: d724e33675dc8eaa5c8fcb05a3aaca6f3339afa7 SHA256:07230441e6d7985e30e13b4c6844c6388324a971e1d3c5d46880a213b37a4dd1 Referenced In Project/Scope: Gemma Web:compile netlib-native_system-osx-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-i686/1.1/netlib-native_system-win-i686-1.1-natives.jar MD5: c83df62ee7516fb876c499921d2da434 SHA1: c25fd1881cf93f7716f47b7deec859f6b6b7be50 SHA256:65b4900fd4fdc6715d3d48cfac2a7809cab5ed626f20e212a747f579bb60a40a Referenced In Project/Scope: Gemma Web:compile netlib-native_system-win-i686-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/github/fommil/netlib/netlib-native_system-win-x86_64/1.1/netlib-native_system-win-x86_64-1.1-natives.jar MD5: 2de500c3ad6bde324f59977f67dc33cc SHA1: 222c7915be1daf1c26a4206f375d4957ae5f9d81 SHA256:d855c2fc7d70ffddaac504b556c6cc7c33288d85c173386e47921f44bbb34202 Referenced In Project/Scope: Gemma Web:compile netlib-native_system-win-x86_64-1.1-natives.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
Square’s meticulous HTTP client for Java and Kotlin.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/squareup/okhttp3/okhttp/4.12.0/okhttp-4.12.0.jar MD5: 6acba053af88fed87e710c6c29911d7c SHA1: 2f4525d4a200e97e1b87449c2cd9bd2e25b7e8cd SHA256:b1050081b14bb7a3a7e55a4d3ef01b5dcfabc453b4573a4fc019767191d5f4e0 Referenced In Project/Scope: Gemma Web:compile okhttp-4.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
A modern I/O library for Android, Java, and Kotlin Multiplatform.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/squareup/okio/okio/3.6.0/okio-3.6.0.jar MD5: 990f7b25bbd4fee8787ffabf89aa229f SHA1: 8bf9683c80762d7dd47db12b68e99abea2a7ae05 SHA256:8e63292e5c53bb93c4a6b0c213e79f15990fed250c1340f1c343880e1c9c39b5 Referenced In Project/Scope: Gemma Web:compile okio-3.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.slack.api/slack-api-client@1.39.2
File Path: /home/jenkins/.m2/repository/com/opencsv/opencsv/5.9/opencsv-5.9.jar MD5: 8cee3b4e9ebeba7bd2834831a969d97c SHA1: 284ea0b60a24b71a530100783185e7d547ab5339 SHA256:2023969b86ce968ad8ae549648ac587d141c19ae684a9a5c67c9105f37ab0d1c Referenced In Project/Scope: Gemma Web:compile opencsv-5.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/obo/org.geneontology/1.002/org.geneontology-1.002.jar MD5: fd0489a45e4d8c8ea83b2ec5ba86a59c SHA1: 831ea4bc937235c49cb1b7fac5d612041aff29f3 SHA256:5d50f3b29d7b023e0716c06d5a6c48a754f80306856b407596a6823cbd066bae Referenced In Project/Scope: Gemma Web:compile org.geneontology-1.002.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar MD5: 51e70ad8fc9d1e9fb19debeb55555b75 SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708 SHA256:775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843 Referenced In Project/Scope: Gemma Web:compile osgi-resource-locator-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
osgi-resource-locator
High
Vendor
jar
package name
glassfish
Highest
Vendor
jar
package name
hk2
Highest
Vendor
Manifest
bundle-activationpolicy
lazy
Low
Vendor
Manifest
bundle-docurl
https://glassfish.dev.java.net
Low
Vendor
Manifest
bundle-symbolicname
org.glassfish.hk2.osgi-resource-locator
Medium
Vendor
pom
artifactid
osgi-resource-locator
Highest
Vendor
pom
artifactid
osgi-resource-locator
Low
Vendor
pom
developer id
ss141213
Medium
Vendor
pom
developer name
Sahoo
Medium
Vendor
pom
developer org
Sun Microsystems, Inc.
Medium
Vendor
pom
groupid
org.glassfish.hk2
Highest
Vendor
pom
name
OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.
High
Vendor
pom
parent-artifactid
pom
Low
Vendor
pom
parent-groupid
org.glassfish
Medium
Product
file
name
osgi-resource-locator
High
Product
jar
package name
glassfish
Highest
Product
jar
package name
hk2
Highest
Product
Manifest
bundle-activationpolicy
lazy
Low
Product
Manifest
bundle-docurl
https://glassfish.dev.java.net
Low
Product
Manifest
Bundle-Name
OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.
Medium
Product
Manifest
bundle-symbolicname
org.glassfish.hk2.osgi-resource-locator
Medium
Product
pom
artifactid
osgi-resource-locator
Highest
Product
pom
developer id
ss141213
Low
Product
pom
developer name
Sahoo
Low
Product
pom
developer org
Sun Microsystems, Inc.
Low
Product
pom
groupid
org.glassfish.hk2
Highest
Product
pom
name
OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers.
Apache POI - Java API To Access Microsoft Format Files
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/poi/poi/5.2.5/poi-5.2.5.jar MD5: c7725f44e62223d1f37e7a4883f01425 SHA1: 7e00f6b2f76375fe89022d5a7db8acb71cbd55f5 SHA256:352e1b44a5777af2df3d7dc408cda9f75f932d0e0125fa1a7d336a13c0a663a7 Referenced In Project/Scope: Gemma Web:compile poi-5.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/baseCode/baseCode@1.1.23
File Path: /home/jenkins/.m2/repository/com/google/protobuf/protobuf-java/3.25.1/protobuf-java-3.25.1.jar MD5: 7dc81d3c2187ce5627d134a37df88cc0 SHA1: 2933a5c3f022456d8842323fe0d7fb2d25a7e3c7 SHA256:48a8e58a1a8f82eff141a7a388d38dfe77d7a48d5e57c9066ee37f19147e20df Referenced In Project/Scope: Gemma Web:compile protobuf-java-3.25.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mysql/mysql-connector-j@8.4.0
File Path: /home/jenkins/.m2/repository/org/quartz-scheduler/quartz/1.8.6/quartz-1.8.6.jar MD5: fff6d47071fce5e1b36cc943aa118b65 SHA1: 552019e55385a5fdbc6b594fabc4c03ea45a99bc SHA256:056dadf9988fdf0f4493673d41d2b1a2b12ed056aa645d94e602a87face57d78 Referenced In Project/Scope: Gemma Web:compile quartz-1.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/resetPassword.js MD5: 9226b310eb03c000866fcf7b6e810eea SHA1: 48985b0713fdbceab111676303490dbf6c957efb SHA256:c16bc39c5a9c511e795565c1ff02d06f91bcedfa74eb64ae113c7b282715cbcd Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
rome-1.0.jar
Description:
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
File Path: /home/jenkins/.m2/repository/rome/rome/1.0/rome-1.0.jar MD5: 53d38c030287b939f4e6d745ba1269a7 SHA1: 022b33347f315833e9348cec2751af1a5d5656e4 SHA256:cd2cfd3b4e2af9eb8fb09d6a2384328e5b9cf1138bccaf7e31f971e5f7678c6c Referenced In Project/Scope: Gemma Web:compile rome-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/rome/rome-fetcher/1.0/rome-fetcher-1.0.jar MD5: 8b38fab84e677d4121ca0ed8e12e50b1 SHA1: 6044bcd5d6f793fa3a38843e774e58c0737a7125 SHA256:b860e75b4596b756b7cfb351182eeba9544d8251bf8c3551b7abafbbfd23387f Referenced In Project/Scope: Gemma Web:compile rome-fetcher-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/com/sun/xml/messaging/saaj/saaj-impl/1.5.3/saaj-impl-1.5.3.jar MD5: 9c3bd20b7350f99f18f8c38fbed90199 SHA1: 1cd4aa51ea7a8987fe930083e3cd05e2ac72505b SHA256:21d451aa7dbe1254388ecc4e5ea71aabbc519c7d7344c9d93e9f79954f38b32b Referenced In Project/Scope: Gemma Web:runtime saaj-impl-1.5.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/search/search.js MD5: 7d8ca881e1ad4541cfc5f370896f6b8c SHA1: c75b6177ca5954591e14d7caa8a811f9cfe0ed11 SHA256:f2d8e39b443bdc1f15a109f50cd90010b342b6cba34c31cae4ca62acd6d867b0 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
signup.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/signup.js MD5: 2cfff14b81eec24de4dc0830c17c13c0 SHA1: db61e86b34523392824834d9d3590229674931a7 SHA256:078d4fb1d1811fd8c4d136158464bee1e7be0d85c5ed4a858ca7c02afa84621c Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
sitemesh-2.5.0.jar
Description:
SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.
License:
The Apache Software License, Version 1.1: https://raw.githubusercontent.com/sitemesh/sitemesh2/master/LICENSE.txt
File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.5.0/sitemesh-2.5.0.jar MD5: b5440899b65cf71abec65951d0390910 SHA1: 3a68a575d04e46c0aebab8f8348a0584a3c341c2 SHA256:2ff69371a6af9016965dd78d19dc63286c512c53ec76aa7d53e1250e3f349c84 Referenced In Project/Scope: Gemma Web:runtime sitemesh-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-client/1.39.2/slack-api-client-1.39.2.jar MD5: 2110ed1a270873a0303b366205ddc3c4 SHA1: 1fef9798893464bc1fc8ce2767d7af808a598b27 SHA256:bdbcd8f06737232078ab83cf6bb2b90f270fb3650b228ee2753c35089ccb43d9 Referenced In Project/Scope: Gemma Web:compile slack-api-client-1.39.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/com/slack/api/slack-api-model/1.39.2/slack-api-model-1.39.2.jar MD5: e8f65040a716d1ae942c00cbf1965790 SHA1: 52d66fb21b762c1d52c7a18cc9314638aaadf33b SHA256:714c13445c855d67ef5676272ce62e4ccd82630015887413253c60dc9d65315e Referenced In Project/Scope: Gemma Web:compile slack-api-model-1.39.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar MD5: 872da51f5de7f3923da4de871d57fd85 SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14 SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0 Referenced In Project/Scope: Gemma Web:compile slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.quartz-scheduler/quartz@1.8.6
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar MD5: d78aacf5f2de5b52f1a327470efd1ad7 SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0 SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b Referenced In Project/Scope: Gemma Web:compile snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-core/3.6.2/solr-core-3.6.2.jar MD5: 5c1ed4b8c48a422451f4566bc1a60d3a SHA1: 6a7fd7092ba403e9002dd935bbf6a42141a80c8c SHA256:4369b38e5f600c81653f221776d7087aa7428084795d5fe7bf9896fd3ac83377 Referenced In Project/Scope: Gemma Web:compile solr-core-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
CWE-611 Improper Restriction of XML External Entity Reference
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-06-10
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.
CWE-611 Improper Restriction of XML External Entity Reference
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
File Path: /home/jenkins/.m2/repository/org/apache/solr/solr-solrj/3.6.2/solr-solrj-3.6.2.jar MD5: 34df7ce752a336588fc80f4f67926e46 SHA1: 7f7e4dc77f72b86eb198fb9199f8e1eebf800ba8 SHA256:135f76fb0c12ef41fad818b7a4be6595400e1481258c460e809079bc2393819b Referenced In Project/Scope: Gemma Web:compile solr-solrj-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation, CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
CWE-611 Improper Restriction of XML External Entity Reference
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it���s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-06-10
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
File Path: /home/jenkins/.m2/repository/org/glassfish/hk2/spring-bridge/2.5.0-b32/spring-bridge-2.5.0-b32.jar MD5: 6ae9e7388f599d06bb76539c4a5e2755 SHA1: f38ecef23edc769942a95c062efd63541044de42 SHA256:44f5a5f44d1b52e8cd252ee160b900b079d4ec273cfaffb329e8a986a65d3b70 Referenced In Project/Scope: Gemma Web:compile spring-bridge-2.5.0-b32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/3.2.18.RELEASE/spring-core-3.2.18.RELEASE.jar MD5: 635537b54653d8155b107630ae41599e SHA1: 0e2bd9c162280cd79c2ea0f67f174ee5d7b84ddd SHA256:5c7ab868509a6b1214ebe557bfcf489cfac6e1ae4c4a39181b0fe66621fbe32e Referenced In Project/Scope: Gemma Web:compile spring-core-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Date Added: 2022-04-04
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-expression/3.2.18.RELEASE/spring-expression-3.2.18.RELEASE.jar MD5: 7e5fbe8696a4e71dc310c1ff9f8286e1 SHA1: 070c1fb9f2111601193e01a8d0c3ccbca1bf3706 SHA256:cde7eda6cc2270ab726f963aeb546c3f4db76746c661c247fbfb5d2a4d2f4411 Referenced In Project/Scope: Gemma Web:runtime spring-expression-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Date Added: 2022-04-04
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-oxm/3.2.4.RELEASE/spring-oxm-3.2.4.RELEASE.jar MD5: 2abb980787ce24a67a9496172cef65cf SHA1: 1de9e0537d7ea233668540577e72d86ff6df6d8b SHA256:fc259b1b0946c862527c5714dca66f6e884ce8249b35d146bed0fa66d553b1e8 Referenced In Project/Scope: Gemma Web:compile spring-oxm-3.2.4.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Date Added: 2022-04-04
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CWE-552 Files or Directories Accessible to External Parties
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CWE-611 Improper Restriction of XML External Entity Reference
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-352 Cross-Site Request Forgery (CSRF)
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.
File Path: /home/jenkins/.m2/repository/org/springframework/retry/spring-retry/1.0.3.RELEASE/spring-retry-1.0.3.RELEASE.jar MD5: 5d5f5046b698320b27d4f86285928a34 SHA1: 33b967f6abaa0a496318bff2ce96e6da6285a54d SHA256:d8f2fd2339e794f4dd78e29d44b33f1f0b5fa687525abee8e7246f61d9cd9fca Referenced In Project/Scope: Gemma Web:compile spring-retry-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-acl/3.2.10.RELEASE/spring-security-acl-3.2.10.RELEASE.jar MD5: f87a9ef5d7952bc6f8096b3223d67e19 SHA1: 0417714b1b6c7f11cb6c2a5ee4c3738d43353928 SHA256:7916014dbd3c61585d92aeb14e4c74584c60b7858bfb8e63b2af4560d1955315 Referenced In Project/Scope: Gemma Web:compile spring-security-acl-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-config/3.2.10.RELEASE/spring-security-config-3.2.10.RELEASE.jar MD5: 8c8534526c1ed31e3cdc65523e782e3c SHA1: c8c9c742067d5a4879bf8db289cb48b60262056a SHA256:f8849bb9e245423924ccdaee6693d497f1b4d2dd2069e7695d4fdd2b82a2f5b3 Referenced In Project/Scope: Gemma Web:runtime spring-security-config-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-core/3.2.10.RELEASE/spring-security-core-3.2.10.RELEASE.jar MD5: 86427a3f1e565f975b48cb8b9be4649d SHA1: e8018fab2ada266288d1db83cc4e452de1e2ed1c SHA256:10443ef19e3cbe2b82197983d7fa0dec5bebd40dc3ca2c0cf02864359cdc2c93 Referenced In Project/Scope: Gemma Web:compile spring-security-core-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-3795 for details
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/security/spring-security-web/3.2.10.RELEASE/spring-security-web-3.2.10.RELEASE.jar MD5: 22b94b4f676727805952091f92cd60f5 SHA1: b925996ca5a7310e3315705cd2b69a15214ee3e1 SHA256:84b59931956693916e744977cec02db88fcd17eb11f47081d46b7fdc5196b1dd Referenced In Project/Scope: Gemma Web:compile spring-security-web-3.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-20862 for details
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Foundational module containing the ServiceProvider Connect Framework and Service API invocation support.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/social/spring-social-core/1.0.3.RELEASE/spring-social-core-1.0.3.RELEASE.jar MD5: 5e3390fe11574f09c63be485eea284c7 SHA1: 44e648f23b45162c698e255a16759832dfcfc004 SHA256:07729c0ba458698cd1047a017894c5084d79aaf5cf1ccafb75710ad6e0c230c1 Referenced In Project/Scope: Gemma Web:runtime spring-social-core-1.0.3.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
spring-social-core
High
Vendor
hint analyzer
vendor
pivotal software
Highest
Vendor
hint analyzer
vendor
SpringSource
Highest
Vendor
hint analyzer
vendor
vmware
Highest
Vendor
jar
package name
connect
Highest
Vendor
jar
package name
serviceprovider
Highest
Vendor
jar
package name
social
Highest
Vendor
jar
package name
springframework
Highest
Vendor
jar
package name
support
Highest
Vendor
pom
artifactid
spring-social-core
Highest
Vendor
pom
artifactid
spring-social-core
Low
Vendor
pom
developer email
cwalls@vmware.com
Low
Vendor
pom
developer id
cwalls
Medium
Vendor
pom
developer name
Craig Walls
Medium
Vendor
pom
groupid
org.springframework.social
Highest
Vendor
pom
name
Foundational module containing the ServiceProvider Connect Framework and Service API invocation support.
High
Vendor
pom
organization name
SpringSource
High
Vendor
pom
organization url
http://springsource.org/spring-social
Medium
Vendor
pom
url
SpringSource/spring-social
Highest
Product
file
name
spring-social-core
High
Product
jar
package name
connect
Highest
Product
jar
package name
serviceprovider
Highest
Product
jar
package name
social
Highest
Product
jar
package name
springframework
Highest
Product
jar
package name
support
Highest
Product
Manifest
Implementation-Title
spring-social-core
High
Product
pom
artifactid
spring-social-core
Highest
Product
pom
developer email
cwalls@vmware.com
Low
Product
pom
developer id
cwalls
Low
Product
pom
developer name
Craig Walls
Low
Product
pom
groupid
org.springframework.social
Highest
Product
pom
name
Foundational module containing the ServiceProvider Connect Framework and Service API invocation support.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-web/3.2.18.RELEASE/spring-web-3.2.18.RELEASE.jar MD5: c3435c31fea5f1e479b4bb5eba32133d SHA1: bc0bdade0a7a52b8fae88e1febc8479383a2acad SHA256:0aa220d3703eaf6eff670423978566a2af506fb9ea8bb728fa05bb16bdc74e9c Referenced In Project/Scope: Gemma Web:compile spring-web-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Date Added: 2022-04-04
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-webmvc/3.2.18.RELEASE/spring-webmvc-3.2.18.RELEASE.jar MD5: 2cb8a9569b95a76a0485d71c913c1819 SHA1: 60e5bb3dc9cb83d6cc53628082ec89a57d4832b2 SHA256:effcce98fd4e9fa95c9a53e49db801f1e2d011ee6dcbb7a7eb1a3ca3bcb2cfd5 Referenced In Project/Scope: Gemma Web:compile spring-webmvc-3.2.18.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard, CWE-94 Improper Control of Generation of Code ('Code Injection')
Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Date Added: 2022-04-04
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required Action: Apply updates per vendor instructions.
Due Date: 2022-04-25
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
File Path: /home/jenkins/.m2/repository/org/springframework/ws/spring-ws-core/2.1.4.RELEASE/spring-ws-core-2.1.4.RELEASE.jar MD5: 3af5370615b2816ef898934d4d666039 SHA1: 136d082e0aa7f43edee019f0779a2555b1c72fd4 SHA256:8782c0b394ada40448ad5ace1914f4a88d3ebe79c92fa79bd3d816fd86222365 Referenced In Project/Scope: Gemma Web:compile spring-ws-core-2.1.4.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/lib/sprintf.js MD5: 0c3e73c7b1e5cca8a023069e95a425f7 SHA1: a6cbfbb143b37bc96018ba2f30c5cb9726365968 SHA256:43f65740b06335358f30a556015d0116778974813b8d9060f9a5b775e9a1f9ce Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
stax-api-1.0-2.jar
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/jenkins/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar MD5: 7d18b63063580284c3f5734081fdc99f SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b SHA256:e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7 Referenced In Project/Scope: Gemma Web:compile stax-api-1.0-2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/jenkins/.m2/repository/org/jvnet/staxex/stax-ex/1.8.3/stax-ex-1.8.3.jar MD5: f6d943e74064cc1e7986236699d6cd04 SHA1: 4d69b68ee007aa15238cd4477392068b32747df3 SHA256:bee08da10bbc481418a1af70b9e9a80321b745bfb4dbdebbe98c1aa17c45caf8 Referenced In Project/Scope: Gemma Web:runtime stax-ex-1.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3
File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-core/2.2.22/swagger-core-2.2.22.jar MD5: 03ddcaa6a062b05e648920c5349325bb SHA1: bda27a7291d01e96eb4b33bab33ca44f323becaf SHA256:8a8753f2425304fa7001eb79064bbba5949a2ab3c096c48096c07a5acea95b9f Referenced In Project/Scope: Gemma Web:compile swagger-core-2.2.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /home/jenkins/.m2/repository/io/swagger/core/v3/swagger-jaxrs2-servlet-initializer-v2/2.2.22/swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar MD5: 3d281b49e5133881a0dbc19caefd29e6 SHA1: 0aa29d99663edc8e6b370be19dbe1d1c99d6a081 SHA256:92883aab52b4631dcbbc0c43fe50de3f5e4ac65ef9ea7d1df50534c98070b125 Referenced In Project/Scope: Gemma Web:runtime swagger-jaxrs2-servlet-initializer-v2-2.2.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-rest/target/classes/restapidocs/swagger-ui-bundle.js MD5: 56af2cfa879107ba286dc4b47cd3aac7 SHA1: 4bce1f94eaf4e61f4ea48d884a0e8a3bcbe01166 SHA256:a973bd4c447fcc6cc1210dae81b7ec6001048fa59a0a24c231ff316728ff1255 Referenced In Project/Scope: Gemma Web:compile swagger-ui-bundle.js is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/apache/taglibs/taglibs-standard-impl/1.2.5/taglibs-standard-impl-1.2.5.jar MD5: 8e5c8db242fbef3db1acfcbb3bc8ec8b SHA1: 9b9783ccb2a323383e6e20e36d368f8997b71967 SHA256:d075cb77d94e2d115b4d90a897b57d65cc31ed8e1b95d65361da324642705728 Referenced In Project/Scope: Gemma Web:runtime taglibs-standard-impl-1.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /home/jenkins/.m2/repository/org/jvnet/tiger-types/1.4/tiger-types-1.4.jar MD5: 51f3d145cf8ff9ee5af99f58c1cc7930 SHA1: 09f75db7dea926f497e76eae2cea36eca74ea508 SHA256:0dd463a62f6417d7da60dad0613f2e14d598aa2fa93fe535de7142ae19cdfbe5 Referenced In Project/Scope: Gemma Web:compile tiger-types-1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-el-api/8.5.100/tomcat-el-api-8.5.100.jar MD5: 3772bab0c4b0f526a4899fce6ff1180b SHA1: 6b68b9ab1ba410470b3c736a5308bfe0ee1a343e SHA256:b0ad398943452ec46044a7f56f47e2804c20b4c77ab1ea2045b075058b2f91ed Referenced In Project/Scope: Gemma Web:provided tomcat-el-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-jsp-api@8.5.100
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-jsp-api/8.5.100/tomcat-jsp-api-8.5.100.jar MD5: 51aba47f8aa48dace992786794e25424 SHA1: 0a3faf3871fe08dbc21e4bd822e081d3e091d502 SHA256:2db4a0aef16c947cef0b07f55526d5d5fca78501ab0218e9473face754dbfd9f Referenced In Project/Scope: Gemma Web:provided tomcat-jsp-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt
File Path: /home/jenkins/.m2/repository/org/apache/tomcat/tomcat-servlet-api/8.5.100/tomcat-servlet-api-8.5.100.jar MD5: 99277a4e6c494366b9727ede06a026fa SHA1: 22cd16d8a163746c340b6dda941a921781c87492 SHA256:e7b1f8ea8081d2ae1da52c082a993b840fdcda9774264565818a5cf27b9a4f08 Referenced In Project/Scope: Gemma Web:provided tomcat-servlet-api-8.5.100.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/api/userHelpMessages.js MD5: a40f8b83106fd753b79e3788bf6c9599 SHA1: 110b84c00cadb1f6f8e662c74cbe5030b7da92f6 SHA256:a0e97a60cca412a8e6302edb1353d12d3afce09fb8d57c16bc8e3a3c13a95a13 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
userManager.js
File Path: /space/jenkins/.jenkins/workspace/Gemma_master/gemma-web/src/main/webapp/scripts/app/userManager.js MD5: 19df7363d048b40fe6c4a2717aca001d SHA1: 3fcbd9f5765fb0e4d44b07c7d47137650a84ab85 SHA256:e68358d02fa480e739df86637fd43375d9df794607d922a90200fe1f60210ae9 Referenced In Project/Scope: Gemma Web
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
validation-api-1.1.0.Final.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256:f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed Referenced In Project/Scope: Gemma Web:compile validation-api-1.1.0.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-rest@1.31.6
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-engine-core/2.3/velocity-engine-core-2.3.jar MD5: e761e6088b946b42289c5d676a515581 SHA1: e2133b723d0e42be74880d34de6bf6538ea7f915 SHA256:b086cee8fd8183e240b4afcf54fe38ec33dd8eb0da414636e5bf7aa4d9856629 Referenced In Project/Scope: Gemma Web:compile velocity-engine-core-2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-core@1.31.6
File Path: /home/jenkins/.m2/repository/wsdl4j/wsdl4j/1.6.1/wsdl4j-1.6.1.jar MD5: 333331aee2e0f65e846b9ef0e20432e5 SHA1: 9e9cee064ec2c9c01e0cd6b8bffd1a7013d81f65 SHA256:0d712ccfd0f0edbf9b0e6793c9562d8c2037bfd8878e9d46f476a68d6f83c11e Referenced In Project/Scope: Gemma Web:compile wsdl4j-1.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ws/spring-ws-core@2.1.4.RELEASE
File Path: /home/jenkins/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar MD5: e384223db0825925765f2bf66839d26d SHA1: 5095bedf29e73756fb5729f2241fd5ffa33d87e0 SHA256:febd48bb133a96c447282213951a6b74ea7fb45c0d896121296c014316bda6b0 Referenced In Project/Scope: Gemma Web:runtime xalan-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9 SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2 SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16 Referenced In Project/Scope: Gemma Web:compile xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: /home/jenkins/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256:a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad Referenced In Project/Scope: Gemma Web:compile xml-apis-1.4.01.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/gemma/gemma-web@1.31.6