0% found this document useful (0 votes)

34 views110 pages

Dependency-Check Report-7-DIC-23

Dependency-Check is an open-source tool that analyzes third-party dependencies, but it may produce false positives and negatives, and users accept its use at their own risk without warranties. The latest scan reported 424 dependencies, with 69 identified as vulnerable and 91 vulnerabilities found in total. Users can access guidance on reading reports, suppressing false positives, and obtaining help through GitHub issues.

Uploaded by

Marco Ustarroz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

34 views110 pages

Dependency-Check Report-7-DIC-23

Uploaded by

Marco Ustarroz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 110

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false

negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS
condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in
connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor

Project: root project 'unified-authentication'

com.apple.ap.services.authentication:unified-authentication:1.2.8-SNAPSHOT

Scan Information (show all):

dependency-check version: 9.0.2
Report Generated On: Thu, 7 Dec 2023 00:34:52 GMT
Dependencies Scanned: 424 (422 unique)
Vulnerable Dependencies: 69
Vulnerabilities Found: 91
Vulnerabilities Suppressed: 10 (show)
...

Summary
Display: Showing Vulnerable Dependencies (click to show all)

Dependency Vulnerability IDs Package

aws-java-sdk-core-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

[email protected]

aws-java-sdk-kms-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

[email protected]

aws-java-sdk-s3-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/[email protected]

aws-java-sdk-sts-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

[email protected]

bcprov-jdk15on-1.68.jar cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.68:::::::* pkg:maven/org.bouncycastle/[email protected]

cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.68:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.68:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.68:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-
api:1.68:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.68:*:*:*:*:*:*:*

brave-instrumentation-mongodb-5.13.9.jar cpe:2.3:a:brave:brave:5.13.9:::::::* pkg:maven/io.zipkin.brave/brave-instrumentation-

cpe:2.3:a:mongodb:mongodb:5.13.9:*:*:*:*:*:*:* [email protected]

brave-opentracing-0.37.4.jar cpe:2.3:a:brave:brave:0.37.4:::::::* pkg:maven/io.opentracing.brave/brave-

[email protected]

commons-io-2.5.jar cpe:2.3:a:apache:commons_io:2.5:::::::* pkg:maven/commons-io/[email protected]

guava-25.1-jre.jar cpe:2.3:a:google:guava:25.1:::::::* pkg:maven/com.google.guava/[email protected]

jackson-databind-2.13.5.jar cpe:2.3:a:fasterxml:jackson-databind:2.13.5:::::::* pkg:maven/com.fasterxml.jackson.core/jackson-

[email protected]

javax.el-3.0.1-b12.jar pkg:maven/org.glassfish/[email protected]

jmespath-java-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/[email protected]

json-20220320.jar cpe:2.3:a:json-java_project:json-java:20220320:::::::* pkg:maven/org.json/json@20220320

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

shadow.jar (shaded: com.amazonaws:aws- [email protected]
java-sdk-kms:1.11.615)

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:::::::* pkg:maven/com.amazonaws/[email protected]

shadow.jar (shaded:
com.amazonaws:jmespath-java:1.11.615)

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:fasterxml:jackson-databind:2.14.1:::::::* pkg:maven/com.fasterxml.jackson.core/jackson-

shadow.jar (shaded: cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.1:*:*:*:*:*:*:* [email protected]
com.fasterxml.jackson.core:jackson-
databind:2.14.1)

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:google:protobuf-java:2.5.0:::::::* pkg:maven/com.google.protobuf/[email protected]

shadow.jar (shaded: cpe:2.3:a:protobuf:protobuf:2.5.0:*:*:*:*:*:*:*
com.google.protobuf:protobuf-java:2.5.0)

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:apache:httpclient:4.4.1:::::::* pkg:maven/org.apache.httpcomponents/[email protected]

shadow.jar (shaded:
org.apache.httpcomponents:httpclient:4.4.1)

netty-all-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-buffer-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-dns-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-haproxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-http-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-http2-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-memcache-4.1.94.Final.jar cpe:2.3:a:memcache_project:memcache:4.1.94:::::::* pkg:maven/io.netty/netty-codec-

cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* [email protected]

netty-codec-mqtt-4.1.94.Final.jar cpe:2.3:a:mqtt:mqtt:4.1.94:::::::* pkg:maven/io.netty/[email protected]

cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:*

netty-codec-redis-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-smtp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-socks-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-stomp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-xml-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-common-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-proxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-ssl-ocsp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-dns-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-dns-classes-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-classes-

4.1.94.Final.jar [email protected]

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-native-

4.1.94.Final-osx-aarch_64.jar [email protected]

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-native-

4.1.94.Final-osx-x86_64.jar [email protected]

netty-transport-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-classes-epoll-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-classes-

[email protected]

netty-transport-classes-kqueue- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-classes-

4.1.94.Final.jar [email protected]

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

linux-aarch_64.jar [email protected]

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

linux-x86_64.jar [email protected]

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

osx-aarch_64.jar [email protected]

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

osx-x86_64.jar [email protected]

netty-transport-native-unix-common- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-unix-

4.1.94.Final.jar [email protected]

netty-transport-rxtx-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-sctp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-udt-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

okio-jvm-2.8.0.jar cpe:2.3:a:squareup:okio:2.8.0:::::::* pkg:maven/com.squareup.okio/[email protected]

protobuf-java-3.13.0.jar cpe:2.3:a:google:protobuf-java:3.13.0:::::::* pkg:maven/com.google.protobuf/[email protected]

cpe:2.3:a:protobuf:protobuf:3.13.0:*:*:*:*:*:*:*

reactor-netty-core-1.0.34.jar pkg:maven/io.projectreactor.netty/reactor-netty-
[email protected]

reactor-netty-http-1.0.34.jar pkg:maven/io.projectreactor.netty/reactor-netty-
[email protected]

reactor-netty-http-brave-1.0.34.jar cpe:2.3:a:brave:brave:1.0.34:::::::* pkg:maven/io.projectreactor.netty/reactor-netty-http-

[email protected]

snakeyaml-1.26.jar cpe:2.3:a:snakeyaml_project:snakeyaml:1.26:::::::* pkg:maven/org.yaml/[email protected]

spring-boot-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-

[email protected]

spring-boot-actuator-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]

spring-boot-actuator-autoconfigure- cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

2.7.14.jar [email protected]

spring-boot-autoconfigure-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]

spring-boot-starter-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]
spring-boot-starter-actuator-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-
[email protected]

spring-boot-starter-aop-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]

spring-boot-starter-data-redis-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]

spring-boot-starter-data-redis-reactive- cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

2.7.14.jar [email protected]

spring-boot-starter-security-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

[email protected]

spring-security-config-5.8.5.jar cpe:2.3:a:pivotal_software:spring_security:5.8.5:::::::* pkg:maven/org.springframework.security/spring-

cpe:2.3:a:vmware:spring_security:5.8.5:*:*:*:*:*:*:* [email protected]

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

aws-java-sdk-core-1.11.921.jar

Description:

The AWS SDK for Java - Core module holds the classes that are used by the individual service clients to interact with Amazon Web Services. Users need to depend on aws-java-
sdk artifact for accessing individual client classes.

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-core/1.11.921/fa040675a9a2d1ea78dcce8b24ed4ba7219765b8/aws-java-sdk-core-1.11.921.jar

MD5: d48c1d4c7ba524dc976ae64cf4fd09f5
SHA1: fa040675a9a2d1ea78dcce8b24ed4ba7219765b8
SHA256:831f80a0591f5646400a318e83a762ba7ad8b5e03b36aa558be36617b41b0e5b
Referenced In Projects/Scopes:

authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]

Evidence

Identifiers

pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the
AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the `destinationDirectory` argument, but
S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key
but contained an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key.
Under certain conditions, this could permit them to retrieve a directory from their S3 bucket that is one level up in the filesystem from their working directory. This
issue��s scope is limited to directories whose name prefix matches the destinationDirectory. E.g. for destination directory`/tmp/foo`, the actor can cause a download
to `/tmp/foo-bar`, but not `/tmp/bar`. If `com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory` is used to download an untrusted buckets contents,
the contents of that bucket can be written outside of the intended destination directory. Version 1.12.261 contains a patch for this issue. As a workaround, when calling
`com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory`, pass a `KeyFilter` that forbids `S3ObjectSummary` objects that `getKey` method return a
string containing the substring `..` .

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

aws-java-sdk-kms-1.11.921.jar

Description:

The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-kms/1.11.921/5aa22c983fddf7274127006c614a4ca35a643b59/aws-java-sdk-kms-1.11.921.jar

MD5: 4c5878eace8aeccd70d3e55ced7b94df
SHA1: 5aa22c983fddf7274127006c614a4ca35a643b59
SHA256:7262767472a01a50232535409f866c7eda85fef26c6c5f6b7fdc10c948e7fb7a
Referenced In Projects/Scopes:

Evidence

Identifiers

pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

aws-java-sdk-s3-1.11.921.jar

Description:

The AWS Java SDK for Amazon S3 module holds the client classes that are used for communicating with Amazon Simple Storage Service

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-s3/1.11.921/6c28c0cb3edd823b10c0289e791aa63a12faf6e0/aws-java-sdk-s3-1.11.921.jar

MD5: c405b1675222fc3f7d11b145686be528
SHA1: 6c28c0cb3edd823b10c0289e791aa63a12faf6e0
SHA256:7f4c81cea9f90ddf1ee3159ae70ee6efb0d88be28629da81eecce39ae00c8339
Referenced In Projects/Scopes:

Evidence

Identifiers

pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-31159] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31159
OSSIndex - https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

aws-java-sdk-sts-1.11.921.jar

Description:

The AWS Java SDK for AWS STS module holds the client classes that are used for communicating with AWS Security Token Service

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-sts/1.11.921/bc9a1fdf5cbeaeeb0b5d0f14499922f5309b10a1/aws-java-sdk-sts-1.11.921.jar

MD5: 83394d9cc1c32d8e9efe9d46b577f2e4
SHA1: bc9a1fdf5cbeaeeb0b5d0f14499922f5309b10a1
SHA256:b78d5eb7cf0095840f217e1218b10e4b5785a133b2a4aae7f62846bf969ed7b9
Referenced In Projects/Scopes:

Evidence

Identifiers
pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

bcprov-jdk15on-1.68.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.68/46a080368d38b428d237a59458f9bc915222894d/bcprov-jdk15on-1.68.jar

MD5: f34043ac8be2793843364b4406a15543
SHA1: 46a080368d38b428d237a59458f9bc915222894d
SHA256:f732a46c8de7e2232f2007c682a21d1f4cc8a8a0149b6b7bd6aa1afdc65a0f8d
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]

Evidence

Identifiers

pkg:maven/org.bouncycastle/[email protected] (Confidence:Highest)
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.68:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-33202 suppress

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class
parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the
PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA
1.0.2.4 is fixed.)

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Product

Vulnerable Software & Versions:

cpe:2.3:a:bouncycastle:bouncy_castle_for_java:::::::: versions up to (excluding) 1.73

CVE-2023-33201 (OSSINDEX) suppress

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy
Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any
escaping, which leads to an LDAP injection vulnerability.

CWE-295 Improper Certificate Validation

CVSSv3:
Base Score: MEDIUM (5.300000190734863)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:
OSSINDEX - [CVE-2023-33201] CWE-295: Improper Certificate Validation
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33201
OSSIndex - https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.68:*:*:*:*:*:*:*

brave-instrumentation-mongodb-5.13.9.jar

Description:

Java distributed tracing implementation compatible with Zipkin backend services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/io.zipkin.brave/brave-instrumentation-mongodb/5.13.9/2b9f24b46c8fcab0d38a47703a4bfe90dbed3f61/brave-instrumentation-

mongodb-5.13.9.jar
MD5: 922aa7956b6b36621badb4964b6eb77e
SHA1: 2b9f24b46c8fcab0d38a47703a4bfe90dbed3f61
SHA256:288f7058f52b1c50d58cddf721f46184db4881238f4d36874aa11436b81625b9
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.zipkin.brave/[email protected] (Confidence:Highest)
cpe:2.3:a:brave:brave:5.13.9:*:*:*:*:*:*:* (Confidence:Low) suppress
cpe:2.3:a:mongodb:mongodb:5.13.9:*:*:*:*:*:*:* (Confidence:Low) suppress

Published Vulnerabilities

CVE-2014-8180 suppress

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of
Service.

CWE-287 Improper Authentication

CVSSv2:
Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
References:
[email protected] - Issue Tracking
[email protected] - Product

Vulnerable Software & Versions: (show all)

cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
...

brave-opentracing-0.37.4.jar

Description:

Zipkin OpenTracing Brave bridge

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/io.opentracing.brave/brave-opentracing/0.37.4/91beb0c2dd58896408e9cc4372ed61b9ff63fb6/brave-opentracing-0.37.4.jar

MD5: 1cf350c1a8265771e7543ab7c1e692a4
SHA1: 091beb0c2dd58896408e9cc4372ed61b9ff63fb6
SHA256:78882e5be003592492724f050367f2e46afebfa7ad499e0b3ac85103d40f74fc
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-service:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.opentracing.brave/[email protected] (Confidence:High)
cpe:2.3:a:brave:brave:0.37.4:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-47932 suppress

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is
caused by an incomplete fix for CVE-2022-47933.

NVD-CWE-Other

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

CVE-2022-47933 suppress

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused
by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.

CWE-755 Improper Handling of Exceptional Conditions

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

CVE-2022-47934 suppress

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or
ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.

NVD-CWE-Other

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.43.88

CVE-2021-22929 suppress

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion
domains in tor.log.

CWE-532 Insertion of Sensitive Information into Log File, CWE-312 Cleartext Storage of Sensitive Information

CVSSv2:
Base Score: LOW (3.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:1.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.28.62

CVE-2022-30334 suppress

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the
Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT
implement most of the privacy protections from Tor Browser."

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Vendor Advisory

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.34

CVE-2023-28360 suppress

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety
check dialog presented to the user.

NVD-CWE-Other, CWE-223 Omission of Security-relevant Information

CVSSv3:
Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.48.171

commons-io-2.5.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:
http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/commons-io/commons-io/2.5/2852e6e05fbb95076fc091f6d1780f1f8fe35e0f/commons-io-2.5.jar

MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256:a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-service:compileClasspath

Included by:
pkg:maven/com.apple.ap/[email protected]
pkg:maven/com.apple.ap/[email protected]

Evidence

Identifiers

pkg:maven/commons-io/[email protected] (Confidence:High)
cpe:2.3:a:apache:commons_io:2.5:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2021-29425 suppress

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the
same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to
construct a path value.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation

CVSSv2:
Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
Base Score: MEDIUM (4.8)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A

References:
OSSINDEX - [CVE-2021-29425] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OSSIndex - https://github.com/apache/commons-io/pull/52
OSSIndex - https://issues.apache.org/jira/browse/IO-556
OSSIndex - https://issues.apache.org/jira/browse/IO-559
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - Exploit
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*
...
guava-25.1-jre.jar

Description:

Guava is a suite of core and expanded libraries that include

utility classes, google's collections, io classes, and much
much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/25.1-jre/6c57e4b22b44e89e548b5c9f70f0c45fe10fb0b4/guava-25.1-jre.jar

MD5: da3838847d109ac435f0d3ed4ae1c794
SHA1: 6c57e4b22b44e89e548b5c9f70f0c45fe10fb0b4
SHA256:6db0c3a244c397429c2e362ea2837c3622d5b68bb95105d37c21c36e5bc70abf
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.jvm.commons/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.jvm.commons/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.jvm.commons/[email protected]
pkg:maven/com.apple.jvm.commons/[email protected]

Evidence

Identifiers

pkg:maven/com.google.guava/[email protected] (Confidence:High)
cpe:2.3:a:google:guava:25.1:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-2976 suppress

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream
Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
Base Score: HIGH (7.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2023-2976] CWE-552: Files or Directories Accessible to External Parties
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2976
OSSIndex - https://github.com/google/guava/issues/2575
OSSIndex - https://github.com/google/guava/releases/tag/v32.0.0
[email protected] - $enc.html($ref.name)
[email protected] - Issue Tracking

Vulnerable Software & Versions:

cpe:2.3:a:google:guava:::::::: versions up to (excluding) 32.0.0

CVE-2020-8908 suppress

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory
created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an
attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers,
we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java
7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a
location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
OSSIndex - https://github.com/google/guava/issues/4011
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:google:guava:::::::: versions up to (excluding) 32.0.0

...

jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.5/aa95e46dbc32454f3983221d420e78ef19ddf844/jackson-databind-2.13.5.jar

MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap/[email protected]
pkg:maven/com.apple.ap/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]

Evidence

Identifiers

pkg:maven/com.fasterxml.jackson.core/[email protected] (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-35116 suppress

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the
vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by
an external attacker.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
Base Score: MEDIUM (4.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:
[email protected] - Issue Tracking

Vulnerable Software & Versions:

cpe:2.3:a:fasterxml:jackson-databind:::::::: versions up to (including) 2.15.2

javax.el-3.0.1-b12.jar

Description:

Expression Language 3.0 API and Implementation

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /root/.gradle/caches/modules-2/files-2.1/org.glassfish/javax.el/3.0.1-b12/2a54bfce52f758c27fa8e6dfd2ce5b4fcad2ebf6/javax.el-3.0.1-b12.jar

MD5: 31c52b0eaf189f6c99958f0c5f3882d6
SHA1: 2a54bfce52f758c27fa8e6dfd2ce5b4fcad2ebf6
SHA256:ca966f4501ac8790274146cafc943b08f67615afb668290e32bbbfe9f5317f99
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]

Evidence

Identifiers

pkg:maven/org.glassfish/[email protected] (Confidence:High)
Published Vulnerabilities

CVE-2021-28170 (OSSINDEX) suppress

jakarta.el - Improper Input Validation [CVE-2021-28170]

The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

CWE-20 Improper Input Validation

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:
OSSINDEX - [CVE-2021-28170] CWE-20: Improper Input Validation
OSSIndex - https://github.com/eclipse-ee4j/el-ri/issues/155
OSSIndex - https://github.com/eclipse-ee4j/el-ri/pull/160
OSSIndex - https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.glassfish:javax.el:3.0.1-b12:*:*:*:*:*:*:*

jmespath-java-1.11.921.jar

Description:

Implementation of the JMES Path JSON Query langauge for Java.

License:

Apache License, Version 2.0: https://aws.amazon.com/apache2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/jmespath-java/1.11.921/71fa29beaecd41d17bffb1ba74e42ee73364d11e/jmespath-java-1.11.921.jar

MD5: fea2a12d91be97687eee9e333f4d754b
SHA1: 71fa29beaecd41d17bffb1ba74e42ee73364d11e
SHA256:bd8e6d6d8836b588be9b702d773982a2205bbaafeee4258ac76297bb552e71b6
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* (Confidence:Low) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

json-20220320.jar

Description:

JSON is a light-weight, language independent, data interchange format.

See http://www.JSON.org/

The files in this package implement JSON encoders/decoders in Java.

It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.

This is a reference implementation. There is a large number of JSON packages

in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.

The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.

License:

The JSON License: http://json.org/license.html

File Path: /root/.gradle/caches/modules-2/files-2.1/org.json/json/20220320/6df2c050972619466f6dcef7654ef9bcc01dfd0/json-20220320.jar

MD5: 86978058a0b60d816e8c48da84c547e4
SHA1: 06df2c050972619466f6dcef7654ef9bcc01dfd0
SHA256:1edf7fcea79a16b8dfdd3bc988ddec7f8908b1f7762fdf00d39acb037542747a
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/org.json/json@20220320 (Confidence:High)
cpe:2.3:a:json-java_project:json-java:20220320:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-5072 suppress

Denial of Service in JSON-Java versions up to and including 20230618. ��A bug in the parser means that an input string of modest size can lead to indefinite amounts
of memory being used.��

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
OSSINDEX - [CVE-2023-5072] CWE-770: Allocation of Resources Without Limits or Throttling
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072
OSSIndex - https://github.com/advisories/GHSA-rm7j-f5g5-27vv
[email protected] - Exploit
[email protected] - Issue Tracking

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:::::::: versions up to (including) 20230618

massilia-client-shadowed-1.6.0.21.8-shadow.jar (shaded: com.amazonaws:aws-java-sdk-kms:1.11.615)

Description:

The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

File Path: /root/.gradle/caches/modules-2/files-2.1/com.apple.cie.massilia/massilia-client-shadowed/1.6.0.21.8/c21b6ee78020cb87ace3b7f2fe632c0c555c036f/massilia-client-

shadowed-1.6.0.21.8-shadow.jar/META-INF/maven/com.amazonaws/aws-java-sdk-kms/pom.xml
MD5: c0fd3b5eb26b45f3cab08fe8c49812d5
SHA1: 068264cc351c4cc95d7ab4a0d93606e22a13bc73
SHA256:d6f7aa51ce6d076aa08bff06cc9518f601bf3c3e2c97059b034a7f44de13f733
Referenced In Projects/Scopes:

Evidence

Identifiers

pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.615:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

massilia-client-shadowed-1.6.0.21.8-shadow.jar (shaded: com.amazonaws:jmespath-java:1.11.615)

Description:

Implementation of the JMES Path JSON Query langauge for Java.

License:

Apache License, Version 2.0: https://aws.amazon.com/apache2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/com.apple.cie.massilia/massilia-client-shadowed/1.6.0.21.8/c21b6ee78020cb87ace3b7f2fe632c0c555c036f/massilia-client-

shadowed-1.6.0.21.8-shadow.jar/META-INF/maven/com.amazonaws/jmespath-java/pom.xml
MD5: e730f5bfe884390b8319c41a9f6a92a2
SHA1: 13b8c2d1d32abc867d740c40629babb475ae58eb
SHA256:e49cb92d8df44762b69806d906d42281d37cb18373a8d03249c904f8b167d717
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers
pkg:maven/com.amazonaws/[email protected] (Confidence:High)
cpe:2.3:a:amazon:aws-sdk-java:1.11.615:*:*:*:*:*:*:* (Confidence:Low) suppress

Published Vulnerabilities

CVE-2022-31159 suppress

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

massilia-client-shadowed-1.6.0.21.8-shadow.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.14.1)

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/com.apple.cie.massilia/massilia-client-shadowed/1.6.0.21.8/c21b6ee78020cb87ace3b7f2fe632c0c555c036f/massilia-client-

shadowed-1.6.0.21.8-shadow.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: b9d17530aa92b8b63f7b1fab039e5cef
SHA1: 8c3bdf0527603b7c543f55fb10cf4b9d77bf9182
SHA256:7adb23d6d746edcf946d1c062b198ff9a026c0e22b307b8d5d79c1e08538c635
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/com.fasterxml.jackson.core/[email protected] (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.14.1:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.1:*:*:*:*:*:*:* (Confidence:Low) suppress

Published Vulnerabilities

CVE-2023-35116 suppress

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
Base Score: MEDIUM (4.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:
[email protected] - Issue Tracking

Vulnerable Software & Versions:

cpe:2.3:a:fasterxml:jackson-databind:::::::: versions up to (including) 2.15.2

massilia-client-shadowed-1.6.0.21.8-shadow.jar (shaded: com.google.protobuf:protobuf-java:2.5.0)

Description:

Protocol Buffers are a way of encoding structured data in an efficient yet

extensible format.

License:

New BSD license: http://www.opensource.org/licenses/bsd-license.php

File Path: /root/.gradle/caches/modules-2/files-2.1/com.apple.cie.massilia/massilia-client-shadowed/1.6.0.21.8/c21b6ee78020cb87ace3b7f2fe632c0c555c036f/massilia-client-

shadowed-1.6.0.21.8-shadow.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml
MD5: 8f761580cb2cdc4f13e82c1368f99e5e
SHA1: d0b411e81d63761989f1329e8650ef27f6f77d25
SHA256:9d837a52af87aa417ca14aeec39d0eae34f3fe58aae5e36397e6f0e12d5d4f47
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/com.google.protobuf/[email protected] (Confidence:High)
cpe:2.3:a:google:protobuf-java:2.5.0:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:protobuf:protobuf:2.5.0:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-3171 suppress

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing
multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable
forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:google:protobuf-java:::::::: versions up to (excluding) 3.16.3

...

CVE-2022-3509 (OSSINDEX) suppress

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of
service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth
between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

CWE-20 Improper Input Validation

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:
OSSINDEX - [CVE-2022-3509] CWE-20: Improper Input Validation
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3509
OSSIndex - https://github.com/protocolbuffers/protobuf/pull/10673
OSSIndex - https://security-tracker.debian.org/tracker/CVE-2022-3509

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.google.protobuf:protobuf-java:2.5.0:*:*:*:*:*:*:*

CVE-2021-22569 suppress

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious
payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading
libraries beyond the vulnerable versions.

NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order

CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2021-22569] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22569
OSSIndex - https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
[email protected] - $enc.html($ref.name)
[email protected] - Exploit
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Patch
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:google:protobuf-java:::::::: versions up to (excluding) 3.16.1

...

massilia-client-shadowed-1.6.0.21.8-shadow.jar (shaded: org.apache.httpcomponents:httpclient:4.4.1)

Description:

Apache HttpComponents Client

File Path: /root/.gradle/caches/modules-2/files-2.1/com.apple.cie.massilia/massilia-client-shadowed/1.6.0.21.8/c21b6ee78020cb87ace3b7f2fe632c0c555c036f/massilia-client-

shadowed-1.6.0.21.8-shadow.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
MD5: 61993ba0bda17b6e9fc6211fd8f6b3fc
SHA1: 268123e00ea95d60679497d089766478a75ea633
SHA256:752b31e724e5b601e64772c021e76c751a941d1cc27764921cbe949cd0e12756
Referenced In Projects/Scopes:

Evidence

Identifiers

pkg:maven/org.apache.httpcomponents/[email protected] (Confidence:High)
cpe:2.3:a:apache:httpclient:4.4.1:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2020-13956 suppress

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object
and pick the wrong target host for request execution.

NVD-CWE-noinfo

CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:
OSSINDEX - [CVE-2020-13956] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13956
OSSIndex - https://bugzilla.redhat.com/show_bug.cgi?id=1886587
OSSIndex - https://www.openwall.com/lists/oss-security/2020/10/08/4
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - Mailing List
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:apache:httpclient:::::::: versions up to (excluding) 4.5.13

...

netty-all-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for

rapid development of maintainable high performance protocol servers and
clients.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-all/4.1.94.Final/2a7df0424eed81818157f22613f36b72487ceb34/netty-all-4.1.94.Final.jar

MD5: ee774b4b445c121979447b344e003433
SHA1: 2a7df0424eed81818157f22613f36b72487ceb34
SHA256:1c82245904713835392e9cf22dce10f0a5fb4ef10d0db17ff4f48ca9ca97744c
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress
Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

Product: IETF HTTP/2
Name: HTTP/2 Rapid Reset Attack Vulnerability
Date Added: 2023-10-10
Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2023-10-31
Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
[email protected] - $enc.html($ref.name)
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Product
[email protected] - Product
[email protected] - Product
[email protected] - Product
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-buffer-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-buffer/4.1.94.Final/eec248b26f16e888688e5bb37b7eeda76b78d2f7/netty-buffer-4.1.94.Final.jar

MD5: 6cec7855a7c9138bf69c3be6c1da7bc1
SHA1: eec248b26f16e888688e5bb37b7eeda76b78d2f7
SHA256:8066ee7c49f9f29da96ee62f7cb13bee022cb4b68e51437b33da3b6d01398f13
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec/4.1.94.Final/c70ef20ca338558147887df60f46341bc47f6900/netty-codec-4.1.94.Final.jar

MD5: af82f1a2a359af02df205f3e4d69ae37
SHA1: c70ef20ca338558147887df60f46341bc47f6900
SHA256:91243776ad68b4d8e39eafb9ec115e1b8fa9aecd147b12ef15bb691639498328
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.100
...

netty-codec-dns-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-dns/4.1.94.Final/9180660dc8479e1594b60b02fc27404af0ea43a6/netty-codec-dns-4.1.94.Final.jar

MD5: 87060c553239f7de5339d4ec2874e0dc
SHA1: 9180660dc8479e1594b60b02fc27404af0ea43a6
SHA256:b345048b7692204803b49eb11f5203b52e18aa7647f8b77dd63118fd8d5fd2a2
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-haproxy-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-haproxy/4.1.94.Final/e25371aeb89c64757fcb266c2ff71cb9db946342/netty-codec-haproxy-4.1.94.Final.jar

MD5: e612995bba3aca6abce4b4f6bca844c3
SHA1: e25371aeb89c64757fcb266c2ff71cb9db946342
SHA256:22339626db9f6c7c82481345556d97765073691e5eb7cfe90171120e71056a04
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-http-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http/4.1.94.Final/9e5404764092c1f6305ad5719078f46ab228d587/netty-codec-http-4.1.94.Final.jar

MD5: 8e489e379e468a542b9fd3b547461093
SHA1: 9e5404764092c1f6305ad5719078f46ab228d587
SHA256:1ada4580f68cd17a534fb3c0337087073223a76cb77304dbe5a1b19df3d53c2f
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-http2-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.94.Final/f651595784d6cca4cbca6a8ad74c48fceed6cea8/netty-codec-http2-4.1.94.Final.jar

MD5: 582a871415311117886a308f4810fc97
SHA1: f651595784d6cca4cbca6a8ad74c48fceed6cea8
SHA256:8fbd2e95abec6155b60ed3c9c1600ed4e17ffe3f053cd5a40677d879c0af961f
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers
pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-memcache-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-memcache/4.1.94.Final/5a58235b715f3a0f7d53c332f849f86faa59416e/netty-codec-memcache-

4.1.94.Final.jar
MD5: cccb751452d0249a39c65dfbdbd0bb3a
SHA1: 5a58235b715f3a0f7d53c332f849f86faa59416e
SHA256:d1d06a9bb6ab23750403e6f674520ae3346114acec9a3cd7f38938e2749accb2
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:memcache_project:memcache:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-mqtt-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-mqtt/4.1.94.Final/b398995b88fbd32bfca2b9b5febc102df5738a6b/netty-codec-mqtt-4.1.94.Final.jar

MD5: 61495bc15f4b9c233e49e60bf96348a0
SHA1: b398995b88fbd32bfca2b9b5febc102df5738a6b
SHA256:fcd5c85036a4d7b7104c35d9849476e891a2e5ca282bf9fff50501187f3718f7
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:mqtt:mqtt:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...
netty-codec-redis-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-redis/4.1.94.Final/dd82950d83cc30a222b92bf6377781fbe6ebe3ae/netty-codec-redis-4.1.94.Final.jar

MD5: ec0fb2a537abb77e959ca59cb79c0751
SHA1: dd82950d83cc30a222b92bf6377781fbe6ebe3ae
SHA256:27b3f9707ccd6aeb776cb8a519ec7878b0779c737d7862c11c9f4fdeb6e65950
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-smtp-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-smtp/4.1.94.Final/f82f9b24ee0d35112d143f8b69a2f676454218f0/netty-codec-smtp-4.1.94.Final.jar

MD5: b43f3f0800a70725f360789a30caf3cc
SHA1: f82f9b24ee0d35112d143f8b69a2f676454218f0
SHA256:bcf2821c2560d610f9457c2d6df36626d9c821fa849b9be03df06b75a8892430
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-socks-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-socks/4.1.94.Final/b9192c7cda295d75f236a13a0b1f5a008f05d516/netty-codec-socks-4.1.94.Final.jar

MD5: 2589891958e846e18148a35888ccc53c
SHA1: b9192c7cda295d75f236a13a0b1f5a008f05d516
SHA256:1c0b4ee0b623402dd5bb78fd4a69bf808da2510524f489a24b0f3cc58ded046e
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-stomp-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-stomp/4.1.94.Final/40fecc7dda25e8b8f9c546adbf71a070b53e7d14/netty-codec-stomp-4.1.94.Final.jar

MD5: abf307f6e8e5e5de8e0fe53e4da6af69
SHA1: 40fecc7dda25e8b8f9c546adbf71a070b53e7d14
SHA256:7fcc34e747ab753d7a842d6bf24f45c11852260ff181a60030a751f8b7d73865
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-codec-xml-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-xml/4.1.94.Final/cfbb786c8b4f9abfbe7212e978925211e3d486de/netty-codec-xml-4.1.94.Final.jar

MD5: 7697781321d9e8fd558341379febeea2
SHA1: cfbb786c8b4f9abfbe7212e978925211e3d486de
SHA256:affa829a13c7ae4a39d4ca52ba126c71d577319c7b38fa09a4cec24187415f5b
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress
Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-common-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-common/4.1.94.Final/ad4ecf779ebc794cd351f57792f56ea01387b868/netty-common-4.1.94.Final.jar

MD5: d526d21e0aff6c31fbc49bc08b0a9648
SHA1: ad4ecf779ebc794cd351f57792f56ea01387b868
SHA256:cb8d84a3e63aea90d0d7a333a02e50ac751d2b05db55745d981b5eff893f647b
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-handler-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-handler/4.1.94.Final/cd9121ce24d6d3f2898946d04b0ef3ec548b00b4/netty-handler-4.1.94.Final.jar

MD5: a14971bf68e4a755bc3abd954973c7ad
SHA1: cd9121ce24d6d3f2898946d04b0ef3ec548b00b4
SHA256:8e50719a9ab89e33ef85c5f36d780e0d7056b3f768b07d261d87baed7094eb3c
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.100
...

netty-handler-proxy-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-handler-proxy/4.1.94.Final/26ba9d30b8f7b095155b9ac63378d6d9386d85c3/netty-handler-proxy-4.1.94.Final.jar

MD5: 85b024ad255ae6399632f892f6a7b8f8
SHA1: 26ba9d30b8f7b095155b9ac63378d6d9386d85c3
SHA256:378738bfeb84c81228ae5de209f964ca87849f9a720c916c77f7cba6494bb1ec
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-handler-ssl-ocsp-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-handler-ssl-ocsp/4.1.94.Final/543779c4e4e2a0126cb73b8b01d999ebca25e431/netty-handler-ssl-ocsp-

4.1.94.Final.jar
MD5: 81dbec7cf249d9b8adba47b5fa0bf05f
SHA1: 543779c4e4e2a0126cb73b8b01d999ebca25e431
SHA256:470036b8c69c4d31ccae0a549b3071728cfe05d2959c9b97e111d1ac93ca2f2b
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-resolver-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-resolver/4.1.94.Final/e96f649e8e9dcb29a1f8e95328b99c9eb6cf76c2/netty-resolver-4.1.94.Final.jar

MD5: 54c962d5f603415a4db185525699b52b
SHA1: e96f649e8e9dcb29a1f8e95328b99c9eb6cf76c2
SHA256:bd26e9bc5e94e2d3974a93fdf921658eff4f033bfd4c5208607760ab54298617
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-resolver-dns-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-resolver-dns/4.1.94.Final/25bbe90e10685ce63c32bd0db56574cffffa28de/netty-resolver-dns-4.1.94.Final.jar

MD5: ea91fa9558a8a5888c3089c57f9813f7
SHA1: 25bbe90e10685ce63c32bd0db56574cffffa28de
SHA256:d6a0871adbc47ce4b08ab7c23c6e32047bd197641f5f3fd35d165faed79a89e8
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence
Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-resolver-dns-classes-macos-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-resolver-dns-classes-macos/4.1.94.Final/a4a7e28d172b56f21626b739c30133a19ba61556/netty-resolver-dns-

classes-macos-4.1.94.Final.jar
MD5: 105c06e6ef2d6e4d9d5e165e14481c19
SHA1: a4a7e28d172b56f21626b739c30133a19ba61556
SHA256:494f50adb7e0962753ff06949f052adf369453f688428f2a7657d7e81df136a5
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-resolver-dns-native-macos-4.1.94.Final-osx-aarch_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-resolver-dns-native-macos/4.1.94.Final/101d61afcdd5155e95eca7c3e884bd41473b5e86/netty-resolver-dns-native-

macos-4.1.94.Final-osx-aarch_64.jar
MD5: a002e5ff83e4a512449ee03bf4ac677b
SHA1: 101d61afcdd5155e95eca7c3e884bd41473b5e86
SHA256:fd94a8ef572719510ee0a275632423060efa3f4756e996f92b34e1c1f5d4ef96
Referenced In Projects/Scopes:
authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...
netty-resolver-dns-native-macos-4.1.94.Final-osx-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-resolver-dns-native-macos/4.1.94.Final/902cf7b70e993c0655ef6fd7f8a9f90d295e810d/netty-resolver-dns-native-

macos-4.1.94.Final-osx-x86_64.jar
MD5: b51dc2c03b742f0f6ca8cc78352066e1
SHA1: 902cf7b70e993c0655ef6fd7f8a9f90d295e810d
SHA256:4c0e71f92187ead7877a5a4f9eef0c07fc233ad88db256c0d58f51cdf129df21
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport/4.1.94.Final/ec783a737f96991a87b1d5794e2f9eb2024d708a/netty-transport-4.1.94.Final.jar

MD5: f900b6a0a8b1ee7636c0939bdc0b14f3
SHA1: ec783a737f96991a87b1d5794e2f9eb2024d708a
SHA256:a75afa84ca35a50225991b39e6b6278186e612f7a2a0c0e981de523aaac516a4
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
References:
[email protected] - $enc.html($ref.name)
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Issue Tracking
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mailing List
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Mitigation
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Patch
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Press/Media Coverage
[email protected] - Product
[email protected] - Product
[email protected] - Product
[email protected] - Product
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Release Notes
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Technical Description
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-classes-epoll-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-classes-epoll/4.1.94.Final/240e36cd5c2ffaf655913f8857f2d58b26394679/netty-transport-classes-epoll-

4.1.94.Final.jar
MD5: 2dc4fe8c18b086815255d05e613b316f
SHA1: 240e36cd5c2ffaf655913f8857f2d58b26394679
SHA256:9d5d51eb42081d6fc13f4dca6855cd30d098a5b1d0b06d5644a1342bd1e50a44
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress
CISA Known Exploited Vulnerability:
Product: IETF HTTP/2
Name: HTTP/2 Rapid Reset Attack Vulnerability
Date Added: 2023-10-10
Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2023-10-31
Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-classes-kqueue-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-classes-kqueue/4.1.94.Final/dbda5dfd64fadcf4f7028cad78ee3dc5115f01ea/netty-transport-classes-

kqueue-4.1.94.Final.jar
MD5: 41587089f255ec0179836c1b5ef9b7af
SHA1: dbda5dfd64fadcf4f7028cad78ee3dc5115f01ea
SHA256:339a066e988e770e038933484446ed6a6eac7c341d9ef476e9548a16f94fc886
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence
Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-native-epoll-4.1.94.Final-linux-aarch_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-native-epoll/4.1.94.Final/8150e269afb313a9b5b8d0494724b72602b7f0e5/netty-transport-native-epoll-

4.1.94.Final-linux-aarch_64.jar
MD5: c06cc86f48fbdfd0246f71f22e0b8a00
SHA1: 8150e269afb313a9b5b8d0494724b72602b7f0e5
SHA256:4c75d9cb253572281a4313fbbb3d5a92602d6acdfc95b7638fdca2790912e96f
Referenced In Projects/Scopes:
authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-native-epoll-4.1.94.Final-linux-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-native-epoll/4.1.94.Final/6e60c2cd22dc8856a33e5465ee4df19f287223dc/netty-transport-native-epoll-

4.1.94.Final-linux-x86_64.jar
MD5: 17a0beac0d3c565624bb5c34bf3c7047
SHA1: 6e60c2cd22dc8856a33e5465ee4df19f287223dc
SHA256:e25e0ef347f7850e6f3d8a6031d64b0edb06ba0e75533c36edb350d4defde5f3
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...
netty-transport-native-kqueue-4.1.94.Final-osx-aarch_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-native-kqueue/4.1.94.Final/9989b4f7dd570ae9450e43b49eaed45245348710/netty-transport-native-

kqueue-4.1.94.Final-osx-aarch_64.jar
MD5: a39fa12a57d5a1472495f3cdb8f9ef7b
SHA1: 9989b4f7dd570ae9450e43b49eaed45245348710
SHA256:481803338ffc3507a7c19f1172e0be6b677e07445f310040ea8dff5d82efa5c4
Referenced In Projects/Scopes:
authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-native-kqueue-4.1.94.Final-osx-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-native-kqueue/4.1.94.Final/4671974882d73cf7a4f25e9b2f8e224c711a8212/netty-transport-native-kqueue-

4.1.94.Final-osx-x86_64.jar
MD5: 43a03ce701f2728a8ca04e4e01ddaf1e
SHA1: 4671974882d73cf7a4f25e9b2f8e224c711a8212
SHA256:ef5bd5faf8c2a8846fffc26ad3ca9bab4162e18f19e8fd5f77dfc6ad21ed1699
Referenced In Projects/Scopes:
authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-native-unix-common-4.1.94.Final.jar

Description:

Static library which contains common unix utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-native-unix-common/4.1.94.Final/3fa5f9d04b6b782d869d6e0657d896eeadca5866/netty-transport-native-

unix-common-4.1.94.Final.jar
MD5: eff21db54e8454137f29330063ca4b49
SHA1: 3fa5f9d04b6b782d869d6e0657d896eeadca5866
SHA256:27d0dff1cd743190279becacfb372fe4d45b266edafad9f1c6c01b04d00280eb
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-rxtx-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-rxtx/4.1.94.Final/1770b1ac9361bea48cf3526c9edaf533eb63cd5f/netty-transport-rxtx-4.1.94.Final.jar

MD5: 0292ee05e771fd405b26ffd3911ca517
SHA1: 1770b1ac9361bea48cf3526c9edaf533eb63cd5f
SHA256:1f3b7a53c2aedd04cac94e67453db6823b2895cc80ace1d96a0831d6045508c1
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-sctp-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-sctp/4.1.94.Final/b729f2228e40c26bae3ae967315624058614d607/netty-transport-sctp-4.1.94.Final.jar

MD5: ec0b789aa8d0fefa566631678e73bc03
SHA1: b729f2228e40c26bae3ae967315624058614d607
SHA256:b734e8af39fd3da33a9d1cfb7bc7a093ffbc84a6c5df17f03a29bebd05e264bd
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress
Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

netty-transport-udt-4.1.94.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /root/.gradle/caches/modules-2/files-2.1/io.netty/netty-transport-udt/4.1.94.Final/4206d8ab8cdf909745948da7def674cf1bb94c9b/netty-transport-udt-4.1.94.Final.jar

MD5: 3700359871c6296d80adc7fb27670996
SHA1: 4206d8ab8cdf909745948da7def674cf1bb94c9b
SHA256:c8b1b0b5aecc9316b4a87e99cac26991a3e6f6bf7e38486ea8fe887415b132ff
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Identifiers

pkg:maven/io.netty/[email protected] (Confidence:High)
cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-44487 suppress

CISA Known Exploited Vulnerability:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in
August through October 2023.

CWE-400 Uncontrolled Resource Consumption

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:netty:netty:::::::: versions up to (excluding) 4.1.100

...

okio-jvm-2.8.0.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/com.squareup.okio/okio/2.8.0/49b64e09d81c0cc84b267edd0c2fd7df5a64c78c/okio-jvm-2.8.0.jar

MD5: 48756cee44c4f8403ebd07a8152ea5ba
SHA1: 49b64e09d81c0cc84b267edd0c2fd7df5a64c78c
SHA256:4496b06e73982fcdd8a5393f46e5df2ce2fa4465df5895454cac68a32f09bbc8
Referenced In Projects/Scopes:

authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
Evidence

Identifiers

pkg:maven/com.squareup.okio/[email protected] (Confidence:Highest)
cpe:2.3:a:squareup:okio:2.8.0:*:*:*:*:*:*:* (Confidence:Low) suppress

Published Vulnerabilities

CVE-2023-3635 suppress

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling
a crafted GZIP archive, by using the GzipSource class.

CWE-195 Signed to Unsigned Conversion Error, CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
OSSINDEX - [CVE-2023-3635] CWE-195: Signed to Unsigned Conversion Error
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3635
OSSIndex - https://github.com/square/okio/pull/1280
[email protected] - Exploit
[email protected] - Patch

Vulnerable Software & Versions: (show all)

cpe:2.3:a:squareup:okio:::::::: versions from (including) 2.0.0; versions up to (excluding) 3.4.0

...

protobuf-java-3.13.0.jar

Description:

Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause

File Path: /root/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.13.0/c913f2b6021ca9606efba56d1a0d03e91e725e4c/protobuf-java-3.13.0.jar

MD5: 87b5e4213611578170e4ed61f8483dd5
SHA1: c913f2b6021ca9606efba56d1a0d03e91e725e4c
SHA256:97d5b2758408690c0dc276238707492a0b6a4d71206311b6c442cdc26c5973ff
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]

Evidence

Identifiers

pkg:maven/com.google.protobuf/[email protected] (Confidence:High)
cpe:2.3:a:google:protobuf-java:3.13.0:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:protobuf:protobuf:3.13.0:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-3171 suppress

CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-3171] CWE-20: Improper Input Validation
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3171
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48771
OSSIndex - https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
OSSIndex - https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:google:protobuf-java:::::::: versions up to (excluding) 3.16.3

...

CVE-2022-3509 (OSSINDEX) suppress

CWE-20 Improper Input Validation

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.google.protobuf:protobuf-java:3.13.0:*:*:*:*:*:*:*

CVE-2022-3510 (OSSINDEX) suppress

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to
a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted
back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-3510 for details

CWE-noinfo

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:
OSSINDEX - [CVE-2022-3510] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3510
OSSIndex - https://github.com/advisories/GHSA-4gg5-vx3j-xwc7

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:com.google.protobuf:protobuf-java:3.13.0:*:*:*:*:*:*:*

CVE-2021-22569 suppress

NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order

CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:google:protobuf-java:::::::: versions up to (excluding) 3.16.1

...
reactor-netty-core-1.0.34.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/io.projectreactor.netty/reactor-netty-core/1.0.34/d9ddff8645c5fe55ecf8f52b720a9ac63cc36867/reactor-netty-core-1.0.34.jar

MD5: e1a9d76ca6f24faf9d5e2b2392e64938
SHA1: d9ddff8645c5fe55ecf8f52b720a9ac63cc36867
SHA256:c0b64e64011c9a65eca2ce4e85ba158cdbcb1388df2d692e59c8bb5718eb81e4
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.projectreactor.netty/[email protected] (Confidence:Highest)

Published Vulnerabilities

CVE-2023-34054 (OSSINDEX) suppress

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may
cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

CWE-noinfo

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:
OSSINDEX - [CVE-2023-34054] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34054
OSSIndex - https://github.com/reactor/reactor-netty/issues/2930
OSSIndex - https://spring.io/security/cve-2023-34054

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:io.projectreactor.netty:reactor-netty-core:1.0.34:*:*:*:*:*:*:*

reactor-netty-http-1.0.34.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/io.projectreactor.netty/reactor-netty-http/1.0.34/f008216f72c90766c8772ab50644e7fa01ccad7a/reactor-netty-http-1.0.34.jar

MD5: 893d82c87bc979a3f690f5365fa58045
SHA1: f008216f72c90766c8772ab50644e7fa01ccad7a
SHA256:1dbf678fd7da0db5cb0245637cbfab3334562abf84dc669f1857dc2b940c65bc
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/io.projectreactor.netty/[email protected] (Confidence:Highest)

Published Vulnerabilities

CVE-2023-34062 (OSSINDEX) suppress

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can
lead to a directory traversal attack.

Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:
OSSINDEX - [CVE-2023-34062] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34062
OSSIndex - https://spring.io/security/cve-2023-34062

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:io.projectreactor.netty:reactor-netty-http:1.0.34:*:*:*:*:*:*:*

reactor-netty-http-brave-1.0.34.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/io.projectreactor.netty/reactor-netty-http-brave/1.0.34/a705882400ff32932f4116bf9fb6269f57af1ac2/reactor-netty-http-brave-

1.0.34.jar
MD5: dd107d9a70dc2f13e42b4a632f0b4ca3
SHA1: a705882400ff32932f4116bf9fb6269f57af1ac2
SHA256:1c6664e92a9412e78d105e2345c6e76641d9adc7c8cc7b8629390d0372d36cf8
Referenced In Projects/Scopes:

authentication-domain:runtimeClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Evidence

Identifiers

pkg:maven/io.projectreactor.netty/[email protected] (Confidence:Highest)
cpe:2.3:a:brave:brave:1.0.34:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2022-47932 suppress
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is
caused by an incomplete fix for CVE-2022-47933.

NVD-CWE-Other

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

CVE-2022-47933 suppress

CWE-755 Improper Handling of Exceptional Conditions

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

CVE-2022-47934 suppress

NVD-CWE-Other

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Patch
[email protected] - Patch
[email protected] - Permissions Required

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.43.88

CVE-2021-22929 suppress

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion
domains in tor.log.

CWE-532 Insertion of Sensitive Information into Log File, CWE-312 Cleartext Storage of Sensitive Information

CVSSv2:
Base Score: LOW (3.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:1.8/RC:R/MAV:A

References:
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.28.62

CVE-2022-30334 suppress

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

References:
[email protected] - Exploit
[email protected] - Exploit
[email protected] - Issue Tracking
[email protected] - Vendor Advisory

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.34

CVE-2023-28360 suppress

NVD-CWE-Other, CWE-223 Omission of Security-relevant Information

CVSSv3:
Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

References:
[email protected] - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.48.171

snakeyaml-1.26.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /root/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.26/a78a8747147d2c5807683e76ec2b633e95c14fe9/snakeyaml-1.26.jar

MD5: 72d987f6193910b63c5e6881ab64da32
SHA1: a78a8747147d2c5807683e76ec2b633e95c14fe9
SHA256:d87d607e500885356c03c1cae61e8c2e05d697df8787d5aba13484c2eb76a844
Referenced In Projects/Scopes:
authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]

Evidence

Identifiers

pkg:maven/org.yaml/[email protected] (Confidence:High)
cpe:2.3:a:snakeyaml_project:snakeyaml:1.26:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities
CVE-2022-25857 suppress

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-25857] CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25857
OSSIndex - https://bitbucket.org/snakeyaml/snakeyaml/issues/525
[email protected] - Exploit
[email protected] - Exploit
[email protected] - Mailing List
[email protected] - Patch
[email protected] - Patch

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.31

CVE-2022-38749 suppress

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may
supply content that causes the parser to crash by stackoverflow.

CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-38749] CWE-787: Out-of-bounds Write
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38749
OSSIndex - https://bitbucket.org/snakeyaml/snakeyaml/issues/525
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
[email protected] - $enc.html($ref.name)
[email protected] - Mailing List
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.31

CVE-2022-38751 suppress

CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-38751] CWE-787: Out-of-bounds Write
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38751
OSSIndex - https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
[email protected] - $enc.html($ref.name)
[email protected] - Mailing List
[email protected] - Third Party Advisory
[email protected] - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.31

CVE-2022-38752 suppress

CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-38752] CWE-787: Out-of-bounds Write
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38752
OSSIndex - https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
OSSIndex - https://github.com/advisories/GHSA-9w3m-gqgf-c4p9
[email protected] - $enc.html($ref.name)
[email protected] - Permissions Required
[email protected] - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.32

CVE-2022-41854 suppress

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker
may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-41854] CWE-121: Stack-based Buffer Overflow
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41854
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - $enc.html($ref.name)
[email protected] - Exploit

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.32

CVE-2022-38750 suppress

CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2022-38750] CWE-787: Out-of-bounds Write
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38750
OSSIndex - https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
OSSIndex - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
[email protected] - $enc.html($ref.name)
[email protected] - Exploit
[email protected] - Exploit
[email protected] - Mailing List

Vulnerable Software & Versions:

cpe:2.3:a:snakeyaml_project:snakeyaml:::::::: versions up to (excluding) 1.31

spring-boot-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot/2.7.14/762261093a3e15388216c45d6a9ba7fdc022b74d/spring-boot-2.7.14.jar

MD5: 27db3c60450e880c2fe5a11975b10f31
SHA1: 762261093a3e15388216c45d6a9ba7fdc022b74d
SHA256:91c847d6ba6ce696d59c3f670093804d60f053094408cd5609b08927539cc078
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.config/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]

Evidence
Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-actuator-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-actuator/2.7.14/bf93f010b5dd65c8b1f59e00ffb2c551054b9994/spring-boot-actuator-

2.7.14.jar
MD5: b4b836fe3576de2cd278dd9f23d4a827
SHA1: bf93f010b5dd65c8b1f59e00ffb2c551054b9994
SHA256:e0274fdcea8a9ff2f3a9c01af06e47afe1932b2a178fbb07a254dff80a907766
Referenced In Projects/Scopes:

authentication-service:compileClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/org.springframework.boot/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
OSSINDEX - [CVE-2023-34055] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34055
OSSIndex - https://spring.io/security/cve-2023-34055
[email protected] - Vendor Advisory
Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-actuator-autoconfigure-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-actuator-autoconfigure/2.7.14/9656c83f01f04255967630d255709737bcb9eddd/spring-

boot-actuator-autoconfigure-2.7.14.jar
MD5: e9249e75720dc473b954ffbddcda00ae
SHA1: 9656c83f01f04255967630d255709737bcb9eddd
SHA256:048a59904b274ec4d670e1699c80ea16059e9cae361d895b64bbe366671dac4f
Referenced In Projects/Scopes:

authentication-service:compileClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/org.springframework.boot/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-autoconfigure-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-autoconfigure/2.7.14/4851957607f74fc4335858d66fb755f1b0c95006/spring-boot-

autoconfigure-2.7.14.jar
MD5: 977cf9c4e8324f078034e1ed66208d70
SHA1: 4851957607f74fc4335858d66fb755f1b0c95006
SHA256:f61fca5501bf06e3a188590cf626eb39c039c2093ebc74cadbe4454d7fed5c09
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter/2.7.14/5506200907ff3c3458506a8e16866c684f28bdbd/spring-boot-starter-

2.7.14.jar
MD5: 513d7ab703943aa33204606100af0324
SHA1: 5506200907ff3c3458506a8e16866c684f28bdbd
SHA256:11c2055e11cc391878f6f72226c88dbb35d46e026f55756ff6be699ae2c63d4b
Referenced In Projects/Scopes:

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-actuator-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-actuator/2.7.14/dcc5491a40c192fdc0c649415eeb02a25e53c8/spring-boot-starter-

actuator-2.7.14.jar
MD5: 36687bdec627334444e5f3c2ed022f3b
SHA1: 00dcc5491a40c192fdc0c649415eeb02a25e53c8
SHA256:48e0619b4e69444a1b425e5b43b14d3792fe141c71e9e2b5bf2210b452184f2d
Referenced In Projects/Scopes:

authentication-service:compileClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-aop-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-aop/2.7.14/c4fb902f51ab09247de60c463761980d0d1a5888/spring-boot-starter-

aop-2.7.14.jar
MD5: d4039ed304b95328576220e8ccb3b9a3
SHA1: c4fb902f51ab09247de60c463761980d0d1a5888
SHA256:f1717a729dd1b12418f3ea21a71e2b09d57218978fa75ea7c2dc053301254530
Referenced In Projects/Scopes:

authentication-model:compileClasspath
authentication-domain:runtimeClasspath
authentication-service:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.iad.service.commons/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-data-redis-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-data-redis/2.7.14/6b40d20d02b121dd9f21316582aabc860460f05/spring-boot-

starter-data-redis-2.7.14.jar
MD5: 4fb771615a839f05c4ad7a343a279590
SHA1: 06b40d20d02b121dd9f21316582aabc860460f05
SHA256:ff53b952c8358a0d8bd21b116bd43007f6c27727738437dbb1f2196e87cec1f5
Referenced In Projects/Scopes:

authentication-domain:runtimeClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/org.springframework.boot/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-data-redis-reactive-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-data-redis-reactive/2.7.14/14ad68ff01962f31facd009266daae2e4dd0a03e/spring-

boot-starter-data-redis-reactive-2.7.14.jar
MD5: a278612c42f03cbb2e55683719ed9577
SHA1: 14ad68ff01962f31facd009266daae2e4dd0a03e
SHA256:077c199f2bd34c53b56c66ed65fdbc6ab7895f030bf082456a1ebea7293b261c
Referenced In Projects/Scopes:

authentication-domain:runtimeClasspath
authentication-domain:compileClasspath
authentication-model:runtimeClasspath
authentication-service:runtimeClasspath

Included by:
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:
[email protected] - Vendor Advisory

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-boot-starter-security-2.7.14.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-security/2.7.14/bfad63e7348a3f4d76b36c5ae87a5c582175a159/spring-boot-starter-

security-2.7.14.jar
MD5: 6219cb9a07b52ef4f9023a7b0a0e1315
SHA1: bfad63e7348a3f4d76b36c5ae87a5c582175a159
SHA256:a9327cb7e040b3e26a0a3056ca3e3068f1643f95605957e23e2ebf5aee6bcd10
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.boot/[email protected] (Confidence:Highest)
cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities
CVE-2023-34055 suppress

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service
(DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux

* org.springframework.boot:spring-boot-actuator��is on the classpath

NVD-CWE-noinfo

CVSSv3:
Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions: (show all)

cpe:2.3:a:vmware:spring_boot:::::::: versions from (including) 2.7.0; versions up to (including) 2.7.17

...

spring-security-config-5.8.5.jar

File Path: /root/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-config/5.8.5/72778f3e788fb078ea85fdf838baa1ec818ddd6a/spring-security-config-

5.8.5.jar
MD5: 1ba8f87dab644d18033d86832b49e91f
SHA1: 72778f3e788fb078ea85fdf838baa1ec818ddd6a
SHA256:963d6384e0f86415d7948e75ae9afac9104a7344f0fa2150c4ddcb6c62cd33d8
Referenced In Projects/Scopes:

Included by:
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.services.authentication/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]
pkg:maven/com.apple.appeng.aluminum/[email protected]
pkg:maven/com.apple.ap.uss/[email protected]
pkg:maven/com.apple.appeng.aluminum.starters/[email protected]

Evidence

Identifiers

pkg:maven/org.springframework.security/[email protected] (Confidence:Highest)
cpe:2.3:a:pivotal_software:spring_security:5.8.5:*:*:*:*:*:*:* (Confidence:Highest) suppress
cpe:2.3:a:vmware:spring_security:5.8.5:*:*:*:*:*:*:* (Confidence:Highest) suppress

Published Vulnerabilities

CVE-2023-34042 (OSSINDEX) suppress

spring-security-config - Incorrect Permission Assignment for Critical Resource

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
Base Score: MEDIUM (4.099999904632568)
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

References:
OSSINDEX - [CVE-2023-34042] CWE-732: Incorrect Permission Assignment for Critical Resource
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34042
OSSIndex - https://spring.io/security/cve-2023-34042
Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework.security:spring-security-config:5.8.5:*:*:*:*:*:*:*

Suppressed Vulnerabilities

This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.

Terraform+Notes+PPT+27!02!2024+ +KPLABS
100% (1)
Terraform+Notes+PPT+27!02!2024+ +KPLABS
521 pages
Human Computer Interaction Solved Paper
No ratings yet
Human Computer Interaction Solved Paper
45 pages
BCA Course Book (AS PER NEP)
No ratings yet
BCA Course Book (AS PER NEP)
82 pages
introCTX Eng
No ratings yet
introCTX Eng
306 pages
Installation Instructions
No ratings yet
Installation Instructions
5 pages
Po Script
No ratings yet
Po Script
1 page
Sap C Cpi 2404 Dumps
No ratings yet
Sap C Cpi 2404 Dumps
11 pages
Editing and Graphics
No ratings yet
Editing and Graphics
36 pages
Devops Lab p5
No ratings yet
Devops Lab p5
6 pages
AMNA BUTT (SR - Software Engineer)
No ratings yet
AMNA BUTT (SR - Software Engineer)
4 pages
Path
No ratings yet
Path
1 page
Gopal Latest Resume
No ratings yet
Gopal Latest Resume
1 page
Microservices With GraphQL
No ratings yet
Microservices With GraphQL
25 pages
Question 2
No ratings yet
Question 2
1 page
Discover 25+ JDK Cli Tools - Java 30th Birthday Gift
No ratings yet
Discover 25+ JDK Cli Tools - Java 30th Birthday Gift
29 pages
Year 11 FINAL MARKSCHEME PAPER 1
No ratings yet
Year 11 FINAL MARKSCHEME PAPER 1
66 pages
Sharma 2020 Fall MISSM
No ratings yet
Sharma 2020 Fall MISSM
26 pages
Unit 1 MMA Notes
No ratings yet
Unit 1 MMA Notes
63 pages
Om Raj (2201331520123) Ses02
No ratings yet
Om Raj (2201331520123) Ses02
24 pages
Source Code Management Using Git & GitHub
No ratings yet
Source Code Management Using Git & GitHub
3 pages
12th Science Practical
No ratings yet
12th Science Practical
30 pages
AVEVAPIDInstall 122 SP2
No ratings yet
AVEVAPIDInstall 122 SP2
156 pages
Ci XG O4 Kaw 2 R 5 PTD 1721358648
No ratings yet
Ci XG O4 Kaw 2 R 5 PTD 1721358648
10 pages
Maven
No ratings yet
Maven
21 pages
Dependency
No ratings yet
Dependency
4 pages
BLC - Ex No 2
No ratings yet
BLC - Ex No 2
4 pages
Drools 6 Core Engine Deep Dive
No ratings yet
Drools 6 Core Engine Deep Dive
50 pages
Historique Spring
No ratings yet
Historique Spring
23 pages
Cinegy Air 12
No ratings yet
Cinegy Air 12
410 pages
Terraform Guide
No ratings yet
Terraform Guide
89 pages
Devops Lab Manual
No ratings yet
Devops Lab Manual
67 pages
New Text Document
No ratings yet
New Text Document
2 pages
Spring Security Reference
No ratings yet
Spring Security Reference
555 pages
Turețchi Gabriel
No ratings yet
Turețchi Gabriel
2 pages
Unit 2 - DO
No ratings yet
Unit 2 - DO
29 pages
Apicem Netwk Prog-Wolverine-1587795492
No ratings yet
Apicem Netwk Prog-Wolverine-1587795492
1,928 pages
Jars 1
No ratings yet
Jars 1
4 pages
Build Push - Yml
No ratings yet
Build Push - Yml
4 pages
BUILDING
No ratings yet
BUILDING
14 pages
Apicem - Ipam Hulk 1684903275
No ratings yet
Apicem - Ipam Hulk 1684903275
1,332 pages
Apicem - Ipam Magneto 1599240566
No ratings yet
Apicem - Ipam Magneto 1599240566
1,306 pages
Senna MC mp4/4
No ratings yet
Senna MC mp4/4
5 pages
Apicem - Ipam Shockwave 1620834597
No ratings yet
Apicem - Ipam Shockwave 1620834597
942 pages
BungeeFoundation Pom - XML File
No ratings yet
BungeeFoundation Pom - XML File
2 pages
Releaselog-20240912 2
No ratings yet
Releaselog-20240912 2
6 pages
Backing Up Data - Tar and Rsync: Tsa2151 System Administration & Maintenance LAB 12
No ratings yet
Backing Up Data - Tar and Rsync: Tsa2151 System Administration & Maintenance LAB 12
2 pages
Confluent Certified Developer for Apache Kafka® Exam kit
From Everand
Confluent Certified Developer for Apache Kafka® Exam kit
PRIYANKA
No ratings yet
Azure For Starters
From Everand
Azure For Starters
Chinmoy Mukherjee
No ratings yet
Course Code: MCSL-016 Course Title: Internet Concepts and Web Design (Lab Course) Assignment Number: MCA (1) /016/assign/2020
No ratings yet
Course Code: MCSL-016 Course Title: Internet Concepts and Web Design (Lab Course) Assignment Number: MCA (1) /016/assign/2020
14 pages
Dependencies Upgrade For Java 21 of The New Centery Project
No ratings yet
Dependencies Upgrade For Java 21 of The New Centery Project
21 pages
Tibco Hawk SNMP Adapter: Installation
No ratings yet
Tibco Hawk SNMP Adapter: Installation
30 pages
Spring Boot Maven Plugin Reference
No ratings yet
Spring Boot Maven Plugin Reference
108 pages
MVC - Posting Form To Different MVC Post Action Depending On The Clicked Submit Button - Stack Overflow
No ratings yet
MVC - Posting Form To Different MVC Post Action Depending On The Clicked Submit Button - Stack Overflow
6 pages
Application Software Installation Guides
No ratings yet
Application Software Installation Guides
6 pages
Proguard Parent 6 0 3
No ratings yet
Proguard Parent 6 0 3
3 pages
DevOps. How to build pipelines with Jenkins, Docker container, AWS ECS, JDK 11, git and maven 3?
From Everand
DevOps. How to build pipelines with Jenkins, Docker container, AWS ECS, JDK 11, git and maven 3?
John Edward Cooper Berg
No ratings yet
DEPENDENCIES
No ratings yet
DEPENDENCIES
1 page
Maven Spring Project
No ratings yet
Maven Spring Project
10 pages
Maven POM
No ratings yet
Maven POM
9 pages
How To Land A Software Engineering Job
No ratings yet
How To Land A Software Engineering Job
19 pages
Gradlew of Resources
No ratings yet
Gradlew of Resources
43 pages
Kanca Portal
No ratings yet
Kanca Portal
15 pages
Module 3 EMPOWERMENT TECHNOLOGY
No ratings yet
Module 3 EMPOWERMENT TECHNOLOGY
36 pages
Matric Tech Class 9th IoT Software Development - 2
No ratings yet
Matric Tech Class 9th IoT Software Development - 2
181 pages
Bucketprocessor
No ratings yet
Bucketprocessor
6 pages
Tài Liệu Không Có Tiêu Đề
No ratings yet
Tài Liệu Không Có Tiêu Đề
3 pages
Tutorial JSF
No ratings yet
Tutorial JSF
7 pages
Getting started with Spring Framework: A Hands-on Guide to Begin Developing Applications Using Spring Framework
From Everand
Getting started with Spring Framework: A Hands-on Guide to Begin Developing Applications Using Spring Framework
Ashish Sarin
4.5/5 (2)
DevEx Technical Test
No ratings yet
DevEx Technical Test
13 pages
Forge Installer Patched - Jar
No ratings yet
Forge Installer Patched - Jar
2 pages
HTML
No ratings yet
HTML
14 pages
Jenkinsfile
No ratings yet
Jenkinsfile
2 pages
Spring Data JPA + JSF + Maven + MySQL Using Eclipse IDE - Simple Example To Start With
No ratings yet
Spring Data JPA + JSF + Maven + MySQL Using Eclipse IDE - Simple Example To Start With
22 pages
Maven Command
100% (1)
Maven Command
1 page
Marshalsec
No ratings yet
Marshalsec
31 pages
JAVASCRIPT FRONT END PROGRAMMING: Crafting Dynamic and Interactive User Interfaces with JavaScript (2024 Guide for Beginners)
From Everand
JAVASCRIPT FRONT END PROGRAMMING: Crafting Dynamic and Interactive User Interfaces with JavaScript (2024 Guide for Beginners)
DAISY JOHNSTON
No ratings yet
Convert Thai Udf
No ratings yet
Convert Thai Udf
2 pages
Service Build
No ratings yet
Service Build
2 pages
Pom XML
No ratings yet
Pom XML
9 pages
New Text Document
No ratings yet
New Text Document
3 pages
How to a Developers Guide to 4k: Developer edition, #3
From Everand
How to a Developers Guide to 4k: Developer edition, #3
Xinc Cyberwizard
No ratings yet
SSLCertificat Install Steps Linux
No ratings yet
SSLCertificat Install Steps Linux
5 pages
Minecraft Forge Log Sample
No ratings yet
Minecraft Forge Log Sample
4 pages
Como Baixar o Forge
No ratings yet
Como Baixar o Forge
3 pages
Base Exercises-00 Intro
No ratings yet
Base Exercises-00 Intro
4 pages
Maven Installation, Setup and Deployment
No ratings yet
Maven Installation, Setup and Deployment
12 pages
Eclipse Object DB Spring MVC
No ratings yet
Eclipse Object DB Spring MVC
26 pages
Spring MVC Hibernate MySQL Integration CRUD Example Tutorial
No ratings yet
Spring MVC Hibernate MySQL Integration CRUD Example Tutorial
17 pages
Spring Data JPA + JSF + Maven + MySQL Using Eclipse IDE
No ratings yet
Spring Data JPA + JSF + Maven + MySQL Using Eclipse IDE
22 pages
Spring MVC With Hibernate and Postgresql
No ratings yet
Spring MVC With Hibernate and Postgresql
45 pages

Dependency-Check Report-7-DIC-23

Uploaded by

Dependency-Check Report-7-DIC-23

Uploaded by

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false

Project: root project 'unified-authentication'

Scan Information (show all):

Dependency Vulnerability IDs Package

aws-java-sdk-core-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* pkg:maven/com.amazonaws/aws-java-sdk-

aws-java-sdk-kms-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* pkg:maven/com.amazonaws/aws-java-sdk-

aws-java-sdk-s3-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* pkg:maven/com.amazonaws/[email protected]

aws-java-sdk-sts-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* pkg:maven/com.amazonaws/aws-java-sdk-

bcprov-jdk15on-1.68.jar cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.68:*:*:*:*:*:*:* pkg:maven/org.bouncycastle/[email protected]

brave-instrumentation-mongodb-5.13.9.jar cpe:2.3:a:brave:brave:5.13.9:*:*:*:*:*:*:* pkg:maven/io.zipkin.brave/brave-instrumentation-

brave-opentracing-0.37.4.jar cpe:2.3:a:brave:brave:0.37.4:*:*:*:*:*:*:* pkg:maven/io.opentracing.brave/brave-

commons-io-2.5.jar cpe:2.3:a:apache:commons_io:2.5:*:*:*:*:*:*:* pkg:maven/commons-io/[email protected]

guava-25.1-jre.jar cpe:2.3:a:google:guava:25.1:*:*:*:*:*:*:* pkg:maven/com.google.guava/[email protected]

jackson-databind-2.13.5.jar cpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:* pkg:maven/com.fasterxml.jackson.core/jackson-

jmespath-java-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:*:*:*:*:*:*:* pkg:maven/com.amazonaws/[email protected]

json-20220320.jar cpe:2.3:a:json-java_project:json-java:20220320:*:*:*:*:*:*:* pkg:maven/org.json/json@20220320

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:*:*:*:*:*:*:* pkg:maven/com.amazonaws/aws-java-sdk-

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:*:*:*:*:*:*:* pkg:maven/com.amazonaws/[email protected]

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:fasterxml:jackson-databind:2.14.1:*:*:*:*:*:*:* pkg:maven/com.fasterxml.jackson.core/jackson-

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:google:protobuf-java:2.5.0:*:*:*:*:*:*:* pkg:maven/com.google.protobuf/[email protected]

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:apache:httpclient:4.4.1:*:*:*:*:*:*:* pkg:maven/org.apache.httpcomponents/[email protected]

netty-all-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-buffer-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-haproxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-http-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-http2-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-memcache-4.1.94.Final.jar cpe:2.3:a:memcache_project:memcache:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-codec-

netty-codec-mqtt-4.1.94.Final.jar cpe:2.3:a:mqtt:mqtt:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-redis-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-smtp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-socks-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-stomp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-codec-xml-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-common-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-handler-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-handler-proxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-handler-ssl-ocsp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-resolver-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-resolver-dns-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-resolver-dns-classes-macos- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-resolver-dns-classes-

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-resolver-dns-native-

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-resolver-dns-native-

netty-transport-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-transport-classes-epoll-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-classes-

netty-transport-classes-kqueue- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-classes-

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-unix-common- cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/netty-transport-native-unix-

netty-transport-rxtx-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-transport-sctp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

netty-transport-udt-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:*:*:*:*:*:*:* pkg:maven/io.netty/[email protected]

okio-jvm-2.8.0.jar cpe:2.3:a:squareup:okio:2.8.0:*:*:*:*:*:*:* pkg:maven/com.squareup.okio/[email protected]

protobuf-java-3.13.0.jar cpe:2.3:a:google:protobuf-java:3.13.0:*:*:*:*:*:*:* pkg:maven/com.google.protobuf/[email protected]

reactor-netty-http-brave-1.0.34.jar cpe:2.3:a:brave:brave:1.0.34:*:*:*:*:*:*:* pkg:maven/io.projectreactor.netty/reactor-netty-http-

snakeyaml-1.26.jar cpe:2.3:a:snakeyaml_project:snakeyaml:1.26:*:*:*:*:*:*:* pkg:maven/org.yaml/[email protected]

spring-boot-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-

spring-boot-actuator-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-actuator-autoconfigure- cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-autoconfigure-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-aop-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-data-redis-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-data-redis-reactive- cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-security-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:*:*:*:*:*:*:* pkg:maven/org.springframework.boot/spring-boot-

spring-security-config-5.8.5.jar cpe:2.3:a:pivotal_software:spring_security:5.8.5:*:*:*:*:*:*:* pkg:maven/org.springframework.security/spring-

* indicates the dependency has a known exploited vulnerability

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-core/1.11.921/fa040675a9a2d1ea78dcce8b24ed4ba7219765b8/aws-java-sdk-core-1.11.921.jar

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vulnerable Software & Versions:

cpe:2.3:a:amazon:aws-sdk-java:*:*:*:*:*:*:*:* versions up to (including) 1.12.260

File Path: /root/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-kms/1.11.921/5aa22c983fddf7274127006c614a4ca35a643b59/aws-java-sdk-kms-1.11.921.jar

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vulnerable Software & Versions:

aws-java-sdk-core-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

aws-java-sdk-kms-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

aws-java-sdk-s3-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/[email protected]

aws-java-sdk-sts-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

bcprov-jdk15on-1.68.jar cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.68:::::::* pkg:maven/org.bouncycastle/[email protected]

brave-instrumentation-mongodb-5.13.9.jar cpe:2.3:a:brave:brave:5.13.9:::::::* pkg:maven/io.zipkin.brave/brave-instrumentation-

brave-opentracing-0.37.4.jar cpe:2.3:a:brave:brave:0.37.4:::::::* pkg:maven/io.opentracing.brave/brave-

commons-io-2.5.jar cpe:2.3:a:apache:commons_io:2.5:::::::* pkg:maven/commons-io/[email protected]

guava-25.1-jre.jar cpe:2.3:a:google:guava:25.1:::::::* pkg:maven/com.google.guava/[email protected]

jackson-databind-2.13.5.jar cpe:2.3:a:fasterxml:jackson-databind:2.13.5:::::::* pkg:maven/com.fasterxml.jackson.core/jackson-

jmespath-java-1.11.921.jar cpe:2.3:a:amazon:aws-sdk-java:1.11.921:::::::* pkg:maven/com.amazonaws/[email protected]

json-20220320.jar cpe:2.3:a:json-java_project:json-java:20220320:::::::* pkg:maven/org.json/json@20220320

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:::::::* pkg:maven/com.amazonaws/aws-java-sdk-

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:amazon:aws-sdk-java:1.11.615:::::::* pkg:maven/com.amazonaws/[email protected]

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:fasterxml:jackson-databind:2.14.1:::::::* pkg:maven/com.fasterxml.jackson.core/jackson-

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:google:protobuf-java:2.5.0:::::::* pkg:maven/com.google.protobuf/[email protected]

massilia-client-shadowed-1.6.0.21.8- cpe:2.3:a:apache:httpclient:4.4.1:::::::* pkg:maven/org.apache.httpcomponents/[email protected]

netty-all-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-buffer-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-haproxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-http-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-http2-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-memcache-4.1.94.Final.jar cpe:2.3:a:memcache_project:memcache:4.1.94:::::::* pkg:maven/io.netty/netty-codec-

netty-codec-mqtt-4.1.94.Final.jar cpe:2.3:a:mqtt:mqtt:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-redis-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-smtp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-socks-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-stomp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-codec-xml-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-common-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-proxy-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-handler-ssl-ocsp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-dns-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-resolver-dns-classes-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-classes-

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-native-

netty-resolver-dns-native-macos- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-resolver-dns-native-

netty-transport-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-classes-epoll-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-classes-

netty-transport-classes-kqueue- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-classes-

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-epoll-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-kqueue-4.1.94.Final- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-

netty-transport-native-unix-common- cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/netty-transport-native-unix-

netty-transport-rxtx-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-sctp-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

netty-transport-udt-4.1.94.Final.jar cpe:2.3:a:netty:netty:4.1.94:::::::* pkg:maven/io.netty/[email protected]

okio-jvm-2.8.0.jar cpe:2.3:a:squareup:okio:2.8.0:::::::* pkg:maven/com.squareup.okio/[email protected]

protobuf-java-3.13.0.jar cpe:2.3:a:google:protobuf-java:3.13.0:::::::* pkg:maven/com.google.protobuf/[email protected]

reactor-netty-http-brave-1.0.34.jar cpe:2.3:a:brave:brave:1.0.34:::::::* pkg:maven/io.projectreactor.netty/reactor-netty-http-

snakeyaml-1.26.jar cpe:2.3:a:snakeyaml_project:snakeyaml:1.26:::::::* pkg:maven/org.yaml/[email protected]

spring-boot-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-

spring-boot-actuator-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-actuator-autoconfigure- cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-autoconfigure-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-aop-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-data-redis-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-data-redis-reactive- cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-boot-starter-security-2.7.14.jar cpe:2.3:a:vmware:spring_boot:2.7.14:::::::* pkg:maven/org.springframework.boot/spring-boot-

spring-security-config-5.8.5.jar cpe:2.3:a:pivotal_software:spring_security:5.8.5:::::::* pkg:maven/org.springframework.security/spring-

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260

cpe:2.3:a:bouncycastle:bouncy_castle_for_java:::::::: versions up to (excluding) 1.73

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.42.51

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.43.88

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.28.62

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.34

cpe:2.3:a:brave:brave:::::::: versions up to (excluding) 1.48.171

cpe:2.3:a:google:guava:::::::: versions up to (excluding) 32.0.0

cpe:2.3:a:google:guava:::::::: versions up to (excluding) 32.0.0

cpe:2.3:a:fasterxml:jackson-databind:::::::: versions up to (including) 2.15.2

cpe:2.3:a:amazon:aws-sdk-java:::::::: versions up to (including) 1.12.260