Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
This report is intended to be a quick summary of findings. It is highly recommended that you use the full HTML report to determine if any false positives have been reported. Additionally, the HTML report provides many features not found in the vulnerability report.
NAME | CWE | Severity (CVSS) | Dependency |
---|---|---|---|
CVE-2015-3250 | CWE-200 Information Exposure | Medium(5.0) | api-util-1.0.0-M20.jar |
CVE-2016-5001 | CWE-200 Information Exposure | Low(2.1) | avro-mapred-1.8.1.jar |
CVE-2017-3161 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | avro-mapred-1.8.1.jar |
CVE-2017-3162 | CWE-20 Improper Input Validation | High(7.5) | avro-mapred-1.8.1.jar |
CVE-2017-17689 | CWE-310 Cryptographic Issues | Medium(4.3) | closure-compiler-v20130603.jar |
CVE-2014-0114 | CWE-20 Improper Input Validation | High(7.5) | commons-beanutils-1.7.0.jar |
CVE-2014-0114 | CWE-20 Improper Input Validation | High(7.5) | commons-beanutils-core-1.8.0.jar |
CVE-2015-6420 | CWE-502 Deserialization of Untrusted Data | High(7.5) | commons-collections-3.2.1.jar |
CVE-2017-15708 | CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | High(7.5) | commons-collections-3.2.1.jar |
CVE-2015-6420 | CWE-502 Deserialization of Untrusted Data | High(7.5) | commons-collections4-4.0.jar |
CVE-2014-0050 | CWE-264 Permissions, Privileges, and Access Controls | High(7.5) | commons-fileupload-1.3.jar |
CVE-2016-1000031 | CWE-284 Improper Access Control | High(7.5) | commons-fileupload-1.3.jar |
CVE-2016-3092 | CWE-20 Improper Input Validation | High(7.8) | commons-fileupload-1.3.jar |
CVE-2012-2378 | CWE-264 Permissions, Privileges, and Access Controls | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-2379 | | High(10.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-3451 | CWE-20 Improper Input Validation | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-5575 | CWE-310 Cryptographic Issues | Medium(6.4) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-5633 | CWE-287 Improper Authentication | Medium(5.8) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-5786 | CWE-20 Improper Input Validation | Medium(5.8) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2013-0239 | CWE-287 Improper Authentication | Medium(5.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2013-2160 | CWE-399 Resource Management Errors | Medium(5.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2014-0034 | CWE-20 Improper Input Validation | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2014-0035 | CWE-310 Cryptographic Issues | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2014-0109 | CWE-399 Resource Management Errors | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2014-0110 | CWE-399 Resource Management Errors | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2014-3584 | CWE-399 Resource Management Errors | Medium(5.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2015-5253 | CWE-264 Permissions, Privileges, and Access Controls | Medium(4.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2016-6812 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2016-8739 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | High(7.8) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2017-3156 | CWE-361 7PK - Time and State | Medium(5.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2017-5656 | CWE-384 Session Fixation | Medium(5.0) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2018-8039 | CWE-254 7PK - Security Features | Medium(6.8) | cxf-api-2.5.2.jar cxf-rt-bindings-xml-2.5.2.jar cxf-rt-transports-common-2.5.2.jar cxf-rt-transports-http-2.5.2.jar cxf-common-utilities-2.5.2.jar cxf-rt-frontend-jaxrs-2.5.2.jar |
CVE-2012-4449 | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | High(7.5) | gora-compiler-cli-0.8.jar gora-compiler-0.8.jar |
CVE-2016-5001 | CWE-200 Information Exposure | Low(2.1) | gora-compiler-cli-0.8.jar gora-compiler-0.8.jar |
CVE-2017-3161 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | gora-compiler-cli-0.8.jar gora-compiler-0.8.jar |
CVE-2017-3162 | CWE-20 Improper Input Validation | High(7.5) | gora-compiler-cli-0.8.jar gora-compiler-0.8.jar |
CVE-2016-5001 | CWE-200 Information Exposure | Low(2.1) | hadoop-yarn-server-nodemanager-2.5.2.jar hadoop-yarn-api-2.5.2.jar hadoop-common-2.5.2.jar hadoop-yarn-client-2.5.2.jar hadoop-auth-2.5.2.jar hadoop-annotations-2.5.2.jar hadoop-mapreduce-client-shuffle-2.5.2.jar hadoop-yarn-server-common-2.5.2.jar hadoop-hdfs-2.5.2.jar hadoop-mapreduce-client-jobclient-2.5.2.jar hadoop-mapreduce-client-common-2.5.2.jar hadoop-yarn-common-2.5.2.jar |
CVE-2017-3161 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | hadoop-yarn-server-nodemanager-2.5.2.jar hadoop-yarn-api-2.5.2.jar hadoop-common-2.5.2.jar hadoop-yarn-client-2.5.2.jar hadoop-auth-2.5.2.jar hadoop-annotations-2.5.2.jar hadoop-mapreduce-client-shuffle-2.5.2.jar hadoop-yarn-server-common-2.5.2.jar hadoop-hdfs-2.5.2.jar hadoop-mapreduce-client-jobclient-2.5.2.jar hadoop-mapreduce-client-common-2.5.2.jar hadoop-yarn-common-2.5.2.jar |
CVE-2017-3162 | CWE-20 Improper Input Validation | High(7.5) | hadoop-yarn-server-nodemanager-2.5.2.jar hadoop-yarn-api-2.5.2.jar hadoop-common-2.5.2.jar hadoop-yarn-client-2.5.2.jar hadoop-auth-2.5.2.jar hadoop-annotations-2.5.2.jar hadoop-mapreduce-client-shuffle-2.5.2.jar hadoop-yarn-server-common-2.5.2.jar hadoop-hdfs-2.5.2.jar hadoop-mapreduce-client-jobclient-2.5.2.jar hadoop-mapreduce-client-common-2.5.2.jar hadoop-yarn-common-2.5.2.jar |
CVE-2017-15095 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-databind-2.3.0.jar |
CVE-2017-17485 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-databind-2.3.0.jar |
CVE-2017-7525 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-databind-2.3.0.jar |
CVE-2018-5968 | CWE-184 Incomplete Blacklist | Medium(5.1) | jackson-databind-2.3.0.jar |
CVE-2018-7489 | CWE-184 Incomplete Blacklist | High(7.5) | jackson-databind-2.3.0.jar |
CVE-2016-3720 | | High(7.5) | jackson-dataformat-xml-2.2.3.jar |
CVE-2016-7051 | CWE-918 Server-Side Request Forgery (SSRF) | Medium(5.0) | jackson-dataformat-xml-2.2.3.jar |
CVE-2017-15095 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-dataformat-xml-2.2.3.jar |
CVE-2017-17485 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-dataformat-xml-2.2.3.jar |
CVE-2017-7525 | CWE-502 Deserialization of Untrusted Data | High(7.5) | jackson-dataformat-xml-2.2.3.jar |
CVE-2011-4461 | CWE-310 Cryptographic Issues | Medium(5.0) | jetty-util5-6.1.26.jar jetty-util-6.1.26.jar jetty-sslengine-6.1.26.jar jetty-client-6.1.26.jar jetty-util-6.1.26.jar |
CVE-2016-5725 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(4.3) | jsch-0.1.42.jar |
CVE-2014-0193 | CWE-399 Resource Management Errors | Medium(5.0) | netty-3.6.2.Final.jar |
CVE-2014-3488 | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Medium(5.0) | netty-3.6.2.Final.jar |
CVE-2015-2156 | CWE-20 Improper Input Validation | Medium(4.3) | netty-3.6.2.Final.jar |
CVE-2013-4221 | CWE-16 Configuration | High(7.5) | org.restlet.lib.org.json-2.0.jar |
CVE-2013-4271 | CWE-502 Deserialization of Untrusted Data | High(7.5) | org.restlet.lib.org.json-2.0.jar |
CVE-2014-1868 | | Medium(5.0) | org.restlet.lib.org.json-2.0.jar |
CVE-2015-5237 | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Medium(6.5) | protobuf-java-2.5.0.jar protobuf-java-2.5.0.jar |
CVE-2014-0107 | CWE-264 Permissions, Privileges, and Access Controls | High(7.5) | serializer-2.7.1.jar |
CVE-2005-3747 | CWE-200 Information Exposure | Medium(5.0) | servlet-api-2.5-20081211.jar |
CVE-2007-5615 | CWE-94 Improper Control of Generation of Code ('Code Injection') | Medium(5.0) | servlet-api-2.5-20081211.jar |
CVE-2009-1523 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(5.0) | servlet-api-2.5-20081211.jar |
CVE-2009-1524 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | servlet-api-2.5-20081211.jar |
CVE-2011-4461 | CWE-310 Cryptographic Issues | Medium(5.0) | servlet-api-2.5-20081211.jar |
CVE-2014-3628 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | solr-solrj-4.6.0.jar |
CVE-2015-8795 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | solr-solrj-4.6.0.jar |
CVE-2015-8796 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | solr-solrj-4.6.0.jar |
CVE-2015-8797 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | solr-solrj-4.6.0.jar |
CVE-2017-3163 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(5.0) | solr-solrj-4.6.0.jar |
CVE-2018-1308 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | Medium(5.0) | solr-solrj-4.6.0.jar |
CVE-2014-0225 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | Medium(6.8) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2014-3578 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(5.0) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2014-3625 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(5.0) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2015-5211 | CWE-20 Improper Input Validation | High(9.3) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2016-5007 | CWE-264 Permissions, Privileges, and Access Controls | Medium(5.0) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2018-1270 | CWE-358 Improperly Implemented Security Check for Standard | High(7.5) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2018-1271 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(4.3) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2018-1272 | CWE-264 Permissions, Privileges, and Access Controls | Medium(6.0) | spring-expression-4.0.4.RELEASE.jar spring-context-4.0.4.RELEASE.jar spring-aop-4.0.4.RELEASE.jar spring-test-4.0.4.RELEASE.jar spring-beans-4.0.4.RELEASE.jar spring-web-4.0.4.RELEASE.jar |
CVE-2016-6809 | CWE-502 Deserialization of Untrusted Data | High(7.5) | tika-core-1.10.jar |
CVE-2018-1338 | CWE-399 Resource Management Errors | Medium(4.3) | tika-core-1.10.jar |
CVE-2018-1339 | CWE-399 Resource Management Errors | Medium(4.3) | tika-core-1.10.jar |
CVE-2014-3526 | CWE-200 Information Exposure | Medium(5.0) | wicket-ioc-6.16.0.jar wicket-request-6.16.0.jar wicket-auth-roles-6.16.0.jar wicket-util-6.16.0.jar wicket-spring-6.16.0.jar |
CVE-2014-7808 | CWE-310 Cryptographic Issues | Medium(5.0) | wicket-ioc-6.16.0.jar wicket-request-6.16.0.jar wicket-auth-roles-6.16.0.jar wicket-util-6.16.0.jar wicket-spring-6.16.0.jar |
CVE-2015-5347 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | wicket-ioc-6.16.0.jar wicket-request-6.16.0.jar wicket-auth-roles-6.16.0.jar wicket-util-6.16.0.jar wicket-spring-6.16.0.jar |
CVE-2015-7520 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | wicket-ioc-6.16.0.jar wicket-request-6.16.0.jar wicket-auth-roles-6.16.0.jar wicket-util-6.16.0.jar wicket-spring-6.16.0.jar |
CVE-2016-6793 | CWE-502 Deserialization of Untrusted Data | Medium(6.4) | wicket-ioc-6.16.0.jar wicket-request-6.16.0.jar wicket-auth-roles-6.16.0.jar wicket-util-6.16.0.jar wicket-spring-6.16.0.jar |
CVE-2014-0043 | CWE-200 Information Exposure | Medium(5.0) | wicket-extensions-6.13.0.jar |
CVE-2014-3526 | CWE-200 Information Exposure | Medium(5.0) | wicket-extensions-6.13.0.jar |
CVE-2014-7808 | CWE-310 Cryptographic Issues | Medium(5.0) | wicket-extensions-6.13.0.jar |
CVE-2015-5347 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | wicket-extensions-6.13.0.jar |
CVE-2015-7520 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | wicket-extensions-6.13.0.jar |
CVE-2016-6793 | CWE-502 Deserialization of Untrusted Data | Medium(6.4) | wicket-extensions-6.13.0.jar |
CVE-2012-0881 | CWE-399 Resource Management Errors | High(7.8) | xercesImpl-2.9.1.jar |
CVE-2015-4035 | CWE-20 Improper Input Validation | Medium(4.6) | xz-1.5.jar |
CVE-2014-0085 | CWE-255 Credentials Management | Low(2.1) | zookeeper-3.4.5.jar |
CVE-2016-5017 | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Medium(6.8) | zookeeper-3.4.5.jar |
CVE-2017-5637 | CWE-399 Resource Management Errors | Medium(5.0) | zookeeper-3.4.5.jar |
CVE-2018-8012 | CWE-285 Improper Authorization | Medium(5.0) | zookeeper-3.4.5.jar |
CVE-2015-1836 | CWE-284 Improper Access Control | High(7.5) | hbase-common-0.98.8-hadoop2.jar hbase-protocol-0.98.8-hadoop2.jar |
CVE-2014-0193 | CWE-399 Resource Management Errors | Medium(5.0) | netty-3.6.6.Final.jar |
CVE-2014-3488 | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Medium(5.0) | netty-3.6.6.Final.jar |
CVE-2015-2156 | CWE-20 Improper Input Validation | Medium(4.3) | netty-3.6.6.Final.jar |
CVE-2014-0085 | CWE-255 Credentials Management | Low(2.1) | zookeeper-3.4.6.jar |
CVE-2016-5017 | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Medium(6.8) | zookeeper-3.4.6.jar |
CVE-2017-5637 | CWE-399 Resource Management Errors | Medium(5.0) | zookeeper-3.4.6.jar |
CVE-2018-8012 | CWE-285 Improper Authorization | Medium(5.0) | zookeeper-3.4.6.jar |
CVE-2012-6612 | | High(7.5) | indexer-solr.jar |
CVE-2013-6397 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(4.3) | indexer-solr.jar |
CVE-2013-6407 | | Medium(6.4) | indexer-solr.jar |
CVE-2013-6408 | | Medium(6.4) | indexer-solr.jar |
CVE-2015-8795 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | indexer-solr.jar |
CVE-2015-8796 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | indexer-solr.jar |
CVE-2015-8797 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | indexer-solr.jar |
CVE-2017-3163 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(5.0) | indexer-solr.jar |
CVE-2015-6748 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | jsoup-extractor.jar |
CVE-2005-1260 | | Medium(5.0) | bzip2-0.9.1.jar |
CVE-2010-0405 | CWE-189 Numeric Errors | Medium(5.1) | bzip2-0.9.1.jar |
CVE-2011-4089 | CWE-264 Permissions, Privileges, and Access Controls | Medium(4.6) | bzip2-0.9.1.jar |
CVE-2016-2175 | | High(7.5) | fontbox-1.8.10.jar |
CVE-2018-8036 | CWE-399 Resource Management Errors | Medium(4.3) | fontbox-1.8.10.jar |
CVE-2016-2175 | | High(7.5) | jempbox-1.8.10.jar |
CVE-2018-8036 | CWE-399 Resource Management Errors | Medium(4.3) | jempbox-1.8.10.jar |
CVE-2015-6748 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Medium(4.3) | jsoup-1.7.2.jar |
CVE-2017-12620 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | High(7.5) | opennlp-tools-1.5.3.jar |
CVE-2016-6809 | CWE-502 Deserialization of Untrusted Data | High(7.5) | parse-tika.jar |
CVE-2016-2175 | | High(7.5) | pdfbox-1.8.10.jar |
CVE-2018-8036 | CWE-399 Resource Management Errors | Medium(4.3) | pdfbox-1.8.10.jar |
CVE-2016-5000 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | Medium(4.3) | poi-ooxml-3.13-beta1.jar poi-ooxml-schemas-3.13-beta1.jar poi-scratchpad-3.13-beta1.jar |
CVE-2017-5644 | CWE-399 Resource Management Errors | High(7.1) | poi-ooxml-3.13-beta1.jar poi-ooxml-schemas-3.13-beta1.jar poi-scratchpad-3.13-beta1.jar |
CVE-2016-6809 | CWE-502 Deserialization of Untrusted Data | High(7.5) | tika-parsers-1.10.jar |
CVE-2018-1338 | CWE-399 Resource Management Errors | Medium(4.3) | tika-parsers-1.10.jar |
CVE-2018-1339 | CWE-399 Resource Management Errors | Medium(4.3) | tika-parsers-1.10.jar |
CVE-2016-6809 | CWE-502 Deserialization of Untrusted Data | High(7.5) | vorbis-java-tika-0.6.jar |
CVE-2017-6888 | CWE-399 Resource Management Errors | Medium(4.3) | vorbis-java-tika-0.6.jar |
CVE-2018-1338 | CWE-399 Resource Management Errors | Medium(4.3) | vorbis-java-tika-0.6.jar |
CVE-2018-1339 | CWE-399 Resource Management Errors | Medium(4.3) | vorbis-java-tika-0.6.jar |
CVE-2016-5725 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium(4.3) | jsch-0.1.41.jar |
This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.
This report may contain data retrieved from the RetireJS Community.