Dependency-Check Vulnerability Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

About The Vulnerability Report | Getting Help: google group | github issues

This report is intended to be a quick summary of findings. It is highly recommended that you use the full HTML report to determine if any false positives have been reported. Additionally, the HTML report provides many features not found in the vulnerability report.

Vulnerability Report for apache-nutch

Report Generated On: Oct 23, 2018 at 14:47:44 +02:00

Dependencies Scanned: 751
Vulnerable Dependencies: 49

Vulnerable Dependencies

NAME	CWE	Severity (CVSS)	Dependency
CVE-2015-3250	CWE-200 Information Exposure	Medium(5.0)	api-util-1.0.0-M20.jar
CVE-2017-17689	CWE-310 Cryptographic Issues	Medium(4.3)	closure-compiler-v20130603.jar
CVE-2014-0114	CWE-20 Improper Input Validation	High(7.5)	commons-beanutils-1.7.0.jar
CVE-2014-0114	CWE-20 Improper Input Validation	High(7.5)	commons-beanutils-core-1.8.0.jar
CVE-2014-0085	CWE-255 Credentials Management	Low(2.1)	curator-framework-2.7.1.jar
CVE-2016-5017	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(6.8)	curator-framework-2.7.1.jar
CVE-2018-8012	CWE-285 Improper Authorization	Medium(5.0)	curator-framework-2.7.1.jar
CVE-2018-8039	CWE-254 7PK - Security Features	Medium(6.8)	cxf-core-3.1.15.jar cxf-rt-ws-addr-3.1.15.jar cxf-rt-transports-http-jetty-3.1.15.jar cxf-rt-frontend-jaxrs-3.1.15.jar cxf-rt-databinding-jaxb-3.1.15.jar cxf-rt-ws-policy-3.1.15.jar cxf-rt-wsdl-3.1.15.jar cxf-rt-bindings-xml-3.1.15.jar cxf-rt-transports-http-3.1.15.jar cxf-rt-bindings-soap-3.1.15.jar cxf-rt-frontend-jaxws-3.1.15.jar cxf-rt-frontend-simple-3.1.15.jar
CVE-2018-10054	CWE-20 Improper Input Validation	Medium(6.5)	h2-1.4.197.jar
CVE-2018-14335	CWE-275 Permission Issues	Medium(4.0)	h2-1.4.197.jar
CVE-2014-0229	CWE-264 Permissions, Privileges, and Access Controls	Medium(4.0)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2014-3627	CWE-59 Improper Link Resolution Before File Access ('Link Following')	Medium(5.0)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2016-5001	CWE-200 Information Exposure	Low(2.1)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2016-6811	CWE-264 Permissions, Privileges, and Access Controls	High(9.0)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2017-15713	CWE-200 Information Exposure	Medium(4.0)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2017-3161	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2017-3162	CWE-20 Improper Input Validation	High(7.5)	hadoop-client-2.2.0.jar hadoop-mapreduce-client-app-2.2.0.jar
CVE-2017-15718	CWE-255 Credentials Management	Medium(5.0)	hadoop-mapreduce-client-core-2.7.4.jar hadoop-hdfs-2.7.4.jar hadoop-common-2.7.4.jar hadoop-yarn-client-2.7.4.jar hadoop-mapreduce-client-jobclient-2.7.4.jar hadoop-yarn-api-2.7.4.jar hadoop-auth-2.7.4.jar hadoop-yarn-server-common-2.7.4.jar hadoop-mapreduce-client-common-2.7.4.jar hadoop-yarn-server-nodemanager-2.7.4.jar hadoop-annotations-2.7.4.jar hadoop-yarn-common-2.7.4.jar hadoop-mapreduce-client-shuffle-2.7.4.jar
CVE-2011-4461	CWE-310 Cryptographic Issues	Medium(5.0)	jetty-6.1.26.jar jetty-sslengine-6.1.26.jar jetty-util-6.1.26.jar
CVE-2017-7656	CWE-284 Improper Access Control	Medium(5.0)	jetty-http-9.2.22.v20170606.jar jetty-continuation-9.2.22.v20170606.jar jetty-server-9.2.22.v20170606.jar jetty-util-9.2.22.v20170606.jar jetty-security-9.2.22.v20170606.jar
CVE-2017-7657	CWE-190 Integer Overflow or Wraparound	High(7.5)	jetty-http-9.2.22.v20170606.jar jetty-continuation-9.2.22.v20170606.jar jetty-server-9.2.22.v20170606.jar jetty-util-9.2.22.v20170606.jar jetty-security-9.2.22.v20170606.jar
CVE-2017-7658	CWE-19 Data Processing Errors	High(7.5)	jetty-http-9.2.22.v20170606.jar jetty-continuation-9.2.22.v20170606.jar jetty-server-9.2.22.v20170606.jar jetty-util-9.2.22.v20170606.jar jetty-security-9.2.22.v20170606.jar
CVE-2017-9735	CWE-200 Information Exposure	Medium(5.0)	jetty-http-9.2.22.v20170606.jar jetty-continuation-9.2.22.v20170606.jar jetty-server-9.2.22.v20170606.jar jetty-util-9.2.22.v20170606.jar jetty-security-9.2.22.v20170606.jar
CVE-2014-0193	CWE-399 Resource Management Errors	Medium(5.0)	netty-3.6.2.Final.jar
CVE-2014-3488	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(5.0)	netty-3.6.2.Final.jar
CVE-2015-2156	CWE-20 Improper Input Validation	Medium(4.3)	netty-3.6.2.Final.jar
CVE-2015-2156	CWE-20 Improper Input Validation	Medium(4.3)	netty-all-4.0.23.Final.jar
CVE-2016-4970		High(7.8)	netty-all-4.0.23.Final.jar
CVE-2015-5237	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(6.5)	protobuf-java-2.5.0.jar protobuf-java-2.5.0.jar
CVE-2005-3747	CWE-200 Information Exposure	Medium(5.0)	servlet-api-2.5-20081211.jar
CVE-2007-5615	CWE-94 Improper Control of Generation of Code ('Code Injection')	Medium(5.0)	servlet-api-2.5-20081211.jar
CVE-2009-1523	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(5.0)	servlet-api-2.5-20081211.jar
CVE-2009-1524	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	servlet-api-2.5-20081211.jar
CVE-2011-4461	CWE-310 Cryptographic Issues	Medium(5.0)	servlet-api-2.5-20081211.jar
CVE-2015-5211	CWE-20 Improper Input Validation	High(9.3)	spring-core-4.0.9.RELEASE.jar spring-beans-4.0.9.RELEASE.jar spring-aop-4.0.9.RELEASE.jar spring-expression-4.0.9.RELEASE.jar spring-context-4.0.9.RELEASE.jar spring-web-4.0.9.RELEASE.jar
CVE-2016-5007	CWE-264 Permissions, Privileges, and Access Controls	Medium(5.0)	spring-core-4.0.9.RELEASE.jar spring-beans-4.0.9.RELEASE.jar spring-aop-4.0.9.RELEASE.jar spring-expression-4.0.9.RELEASE.jar spring-context-4.0.9.RELEASE.jar spring-web-4.0.9.RELEASE.jar
CVE-2018-1270	CWE-358 Improperly Implemented Security Check for Standard	High(7.5)	spring-core-4.0.9.RELEASE.jar spring-beans-4.0.9.RELEASE.jar spring-aop-4.0.9.RELEASE.jar spring-expression-4.0.9.RELEASE.jar spring-context-4.0.9.RELEASE.jar spring-web-4.0.9.RELEASE.jar
CVE-2018-1271	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(4.3)	spring-core-4.0.9.RELEASE.jar spring-beans-4.0.9.RELEASE.jar spring-aop-4.0.9.RELEASE.jar spring-expression-4.0.9.RELEASE.jar spring-context-4.0.9.RELEASE.jar spring-web-4.0.9.RELEASE.jar
CVE-2018-1272	CWE-264 Permissions, Privileges, and Access Controls	Medium(6.0)	spring-core-4.0.9.RELEASE.jar spring-beans-4.0.9.RELEASE.jar spring-aop-4.0.9.RELEASE.jar spring-expression-4.0.9.RELEASE.jar spring-context-4.0.9.RELEASE.jar spring-web-4.0.9.RELEASE.jar
CVE-2014-7808	CWE-310 Cryptographic Issues	Medium(5.0)	wicket-core-6.17.0.jar wicket-spring-6.17.0.jar wicket-ioc-6.17.0.jar wicket-util-6.17.0.jar wicket-request-6.17.0.jar
CVE-2015-5347	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	wicket-core-6.17.0.jar wicket-spring-6.17.0.jar wicket-ioc-6.17.0.jar wicket-util-6.17.0.jar wicket-request-6.17.0.jar
CVE-2015-7520	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	wicket-core-6.17.0.jar wicket-spring-6.17.0.jar wicket-ioc-6.17.0.jar wicket-util-6.17.0.jar wicket-request-6.17.0.jar
CVE-2016-6793	CWE-502 Deserialization of Untrusted Data	Medium(6.4)	wicket-core-6.17.0.jar wicket-spring-6.17.0.jar wicket-ioc-6.17.0.jar wicket-util-6.17.0.jar wicket-request-6.17.0.jar
CVE-2014-0043	CWE-200 Information Exposure	Medium(5.0)	wicket-extensions-6.13.0.jar
CVE-2014-3526	CWE-200 Information Exposure	Medium(5.0)	wicket-extensions-6.13.0.jar
CVE-2014-7808	CWE-310 Cryptographic Issues	Medium(5.0)	wicket-extensions-6.13.0.jar
CVE-2015-5347	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	wicket-extensions-6.13.0.jar
CVE-2015-7520	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	wicket-extensions-6.13.0.jar
CVE-2016-6793	CWE-502 Deserialization of Untrusted Data	Medium(6.4)	wicket-extensions-6.13.0.jar
CVE-2012-0881	CWE-399 Resource Management Errors	High(7.8)	xercesImpl-2.11.0.jar xercesImpl-2.11.0.jar xercesImpl-2.11.0.jar xercesImpl-2.11.0.jar
CVE-2014-0085	CWE-255 Credentials Management	Low(2.1)	zookeeper-3.4.6.jar
CVE-2016-5017	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(6.8)	zookeeper-3.4.6.jar
CVE-2017-5637	CWE-399 Resource Management Errors	Medium(5.0)	zookeeper-3.4.6.jar
CVE-2018-8012	CWE-285 Improper Authorization	Medium(5.0)	zookeeper-3.4.6.jar
CVE-2005-1260		Medium(5.0)	bzip2-0.9.1.jar bzip2-0.9.1.jar
CVE-2010-0405	CWE-189 Numeric Errors	Medium(5.1)	bzip2-0.9.1.jar bzip2-0.9.1.jar
CVE-2011-4089	CWE-264 Permissions, Privileges, and Access Controls	Medium(4.6)	bzip2-0.9.1.jar bzip2-0.9.1.jar
CVE-2015-5253	CWE-264 Permissions, Privileges, and Access Controls	Medium(4.0)	cxf-core-3.0.16.jar cxf-rt-frontend-jaxrs-3.0.16.jar cxf-rt-transports-http-3.0.16.jar cxf-rt-rs-client-3.0.16.jar
CVE-2017-5656	CWE-384 Session Fixation	Medium(5.0)	cxf-core-3.0.16.jar cxf-rt-frontend-jaxrs-3.0.16.jar cxf-rt-transports-http-3.0.16.jar cxf-rt-rs-client-3.0.16.jar
CVE-2018-8039	CWE-254 7PK - Security Features	Medium(6.8)	cxf-core-3.0.16.jar cxf-rt-frontend-jaxrs-3.0.16.jar cxf-rt-transports-http-3.0.16.jar cxf-rt-rs-client-3.0.16.jar
CVE-2017-15095	CWE-502 Deserialization of Untrusted Data	High(7.5)	jackson-databind-2.9.0.jar
CVE-2018-5968	CWE-184 Incomplete Blacklist	Medium(5.1)	jackson-databind-2.9.0.jar
CVE-2018-7489	CWE-184 Incomplete Blacklist	High(7.5)	jackson-databind-2.9.0.jar
CVE-2018-1338	CWE-399 Resource Management Errors	Medium(4.3)	tika-core-1.17.jar tika-parsers-1.17.jar
CVE-2018-1339	CWE-399 Resource Management Errors	Medium(4.3)	tika-core-1.17.jar tika-parsers-1.17.jar
CVE-2016-6809	CWE-502 Deserialization of Untrusted Data	High(7.5)	vorbis-java-tika-0.8.jar vorbis-java-tika-0.8.jar
CVE-2018-1338	CWE-399 Resource Management Errors	Medium(4.3)	vorbis-java-tika-0.8.jar vorbis-java-tika-0.8.jar
CVE-2018-1339	CWE-399 Resource Management Errors	Medium(4.3)	vorbis-java-tika-0.8.jar vorbis-java-tika-0.8.jar
CVE-2015-4035	CWE-20 Improper Input Validation	Medium(4.6)	xz-1.6.jar
CVE-2017-17485	CWE-502 Deserialization of Untrusted Data	High(7.5)	jackson-databind-2.9.2.jar
CVE-2018-5968	CWE-184 Incomplete Blacklist	Medium(5.1)	jackson-databind-2.9.2.jar
CVE-2018-7489	CWE-184 Incomplete Blacklist	High(7.5)	jackson-databind-2.9.2.jar
CVE-2017-15095	CWE-502 Deserialization of Untrusted Data	High(7.5)	jackson-databind-2.5.3.jar
CVE-2017-17485	CWE-502 Deserialization of Untrusted Data	High(7.5)	jackson-databind-2.5.3.jar
CVE-2017-7525	CWE-502 Deserialization of Untrusted Data	High(7.5)	jackson-databind-2.5.3.jar
CVE-2018-5968	CWE-184 Incomplete Blacklist	Medium(5.1)	jackson-databind-2.5.3.jar
CVE-2018-7489	CWE-184 Incomplete Blacklist	High(7.5)	jackson-databind-2.5.3.jar
CVE-2017-5645	CWE-502 Deserialization of Untrusted Data	High(7.5)	log4j-core-2.7.jar log4j-api-2.7.jar
CVE-2012-6612		High(7.5)	indexer-solr.jar
CVE-2013-6397	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(4.3)	indexer-solr.jar
CVE-2013-6407		Medium(6.4)	indexer-solr.jar
CVE-2013-6408		Medium(6.4)	indexer-solr.jar
CVE-2015-8795	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	indexer-solr.jar
CVE-2015-8796	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	indexer-solr.jar
CVE-2015-8797	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	indexer-solr.jar
CVE-2017-3163	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(5.0)	indexer-solr.jar
CVE-2018-8026	CWE-611 Improper Restriction of XML External Entity Reference ('XXE')	Low(2.1)	solr-solrj-7.3.1.jar
CVE-2014-0085	CWE-255 Credentials Management	Low(2.1)	zookeeper-3.4.11.jar
CVE-2018-8012	CWE-285 Improper Authorization	Medium(5.0)	zookeeper-3.4.11.jar
CVE-2015-6420	CWE-502 Deserialization of Untrusted Data	High(7.5)	commons-collections-3.2.1.jar commons-collections-3.2.1.jar
CVE-2017-15708	CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	High(7.5)	commons-collections-3.2.1.jar commons-collections-3.2.1.jar
CVE-2014-3577		Medium(5.8)	httpclient-4.3.4.jar
CVE-2015-5262	CWE-399 Resource Management Errors	Medium(4.3)	httpclient-4.3.4.jar
CVE-2017-7656	CWE-284 Improper Access Control	Medium(5.0)	jetty-http-8.1.15.v20140411.jar jetty-util-8.1.15.v20140411.jar jetty-websocket-8.1.15.v20140411.jar
CVE-2017-7657	CWE-190 Integer Overflow or Wraparound	High(7.5)	jetty-http-8.1.15.v20140411.jar jetty-util-8.1.15.v20140411.jar jetty-websocket-8.1.15.v20140411.jar
CVE-2017-7658	CWE-19 Data Processing Errors	High(7.5)	jetty-http-8.1.15.v20140411.jar jetty-util-8.1.15.v20140411.jar jetty-websocket-8.1.15.v20140411.jar
CVE-2017-9735	CWE-200 Information Exposure	Medium(5.0)	jetty-http-8.1.15.v20140411.jar jetty-util-8.1.15.v20140411.jar jetty-websocket-8.1.15.v20140411.jar
CVE-2014-3488	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(5.0)	netty-3.5.2.Final.jar netty-3.5.2.Final.jar
CVE-2015-2156	CWE-20 Improper Input Validation	Medium(4.3)	netty-3.5.2.Final.jar netty-3.5.2.Final.jar
CVE-2003-1561	CWE-200 Information Exposure	Medium(4.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-1761	CWE-399 Resource Management Errors	High(9.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-1764		High(9.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-3079		High(10.0)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-3172	CWE-264 Permissions, Privileges, and Access Controls	Medium(6.8)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-4293		High(10.0)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-4695	CWE-200 Information Exposure	High(9.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-4696	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-4794	CWE-20 Improper Input Validation	High(9.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-4795	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2008-5679	CWE-399 Resource Management Errors	High(9.3)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2009-0915		Medium(6.8)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2009-2068	CWE-287 Improper Authentication	Medium(5.8)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2010-5227		Medium(6.9)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2015-8960	CWE-310 Cryptographic Issues	Medium(6.8)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2016-7152	CWE-200 Information Exposure	Medium(5.0)	operadriver-1.5.jar operadriver-1.5.jar
CVE-2003-1561	CWE-200 Information Exposure	Medium(4.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-1761	CWE-399 Resource Management Errors	High(9.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-1764		High(9.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-3079		High(10.0)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-3172	CWE-264 Permissions, Privileges, and Access Controls	Medium(6.8)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-4293		High(10.0)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-4695	CWE-200 Information Exposure	High(9.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-4696	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-4794	CWE-20 Improper Input Validation	High(9.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-4795	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2008-5679	CWE-399 Resource Management Errors	High(9.3)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2009-0915		Medium(6.8)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2009-2068	CWE-287 Improper Authentication	Medium(5.8)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2010-5227		Medium(6.9)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2015-8960	CWE-310 Cryptographic Issues	Medium(6.8)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2016-7152	CWE-200 Information Exposure	Medium(5.0)	operalaunchers-1.1.jar operalaunchers-1.1.jar
CVE-2015-5237	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer	Medium(6.5)	protobuf-java-2.4.1.jar protobuf-java-2.4.1.jar
CVE-2014-0107	CWE-264 Permissions, Privileges, and Access Controls	High(7.5)	serializer-2.7.1.jar
CVE-2014-0107	CWE-264 Permissions, Privileges, and Access Controls	High(7.5)	xalan-2.7.1.jar
CVE-2017-7656	CWE-284 Improper Access Control	Medium(5.0)	jetty-util-9.2.12.v20150709.jar
CVE-2017-7657	CWE-190 Integer Overflow or Wraparound	High(7.5)	jetty-util-9.2.12.v20150709.jar
CVE-2017-7658	CWE-19 Data Processing Errors	High(7.5)	jetty-util-9.2.12.v20150709.jar
CVE-2017-9735	CWE-200 Information Exposure	Medium(5.0)	jetty-util-9.2.12.v20150709.jar
CVE-2017-7656	CWE-284 Improper Access Control	Medium(5.0)	websocket-client-9.2.12.v20150709.jar websocket-common-9.2.12.v20150709.jar
CVE-2017-7657	CWE-190 Integer Overflow or Wraparound	High(7.5)	websocket-client-9.2.12.v20150709.jar websocket-common-9.2.12.v20150709.jar
CVE-2017-7658	CWE-19 Data Processing Errors	High(7.5)	websocket-client-9.2.12.v20150709.jar websocket-common-9.2.12.v20150709.jar
CVE-2017-9735	CWE-200 Information Exposure	Medium(5.0)	websocket-client-9.2.12.v20150709.jar websocket-common-9.2.12.v20150709.jar
CVE-2016-6809	CWE-502 Deserialization of Untrusted Data	High(7.5)	parse-tika.jar
CVE-2015-4035	CWE-20 Improper Input Validation	Medium(4.6)	xz-1.8.jar
CVE-2018-13684	CWE-190 Integer Overflow or Wraparound	Medium(5.0)	parse-zip.jar
CVE-2009-3821	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	solr-commons-csv-3.5.0.jar
CVE-2012-6612		High(7.5)	solr-commons-csv-3.5.0.jar
CVE-2013-6397	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(4.3)	solr-commons-csv-3.5.0.jar
CVE-2013-6407		Medium(6.4)	solr-commons-csv-3.5.0.jar
CVE-2013-6408		Medium(6.4)	solr-commons-csv-3.5.0.jar
CVE-2015-8795	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	solr-commons-csv-3.5.0.jar
CVE-2015-8796	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	solr-commons-csv-3.5.0.jar
CVE-2015-8797	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	solr-commons-csv-3.5.0.jar
CVE-2017-3163	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Medium(5.0)	solr-commons-csv-3.5.0.jar
CVE-2016-3674	CWE-200 Information Exposure	Medium(5.0)	xstream-1.4.4.jar
CVE-2017-7957	CWE-20 Improper Input Validation	Medium(5.0)	xstream-1.4.4.jar
CVE-2015-6748	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Medium(4.3)	jsoup-1.8.1.jar

This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.
This report may contain data retrieved from the RetireJS Community.