Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: fides-tool-ui-desktop

eu.imdr:fides-tool-ui-desktop:1.5.6

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-6.3.3.jarpkg:maven/com.zaxxer/HikariCP@6.3.3 037
SparseBitSet-1.3.jarcpe:2.3:a:bit_project:bit:1.3:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.3 0Low28
angus-activation-2.0.2.jarcpe:2.3:a:eclipse:jakarta_mail:2.0.2:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-activation@2.0.2 0Low35
ant-1.10.14.jarcpe:2.3:a:apache:ant:1.10.14:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.14 0Highest24
antlr4-runtime-4.13.0.jarpkg:maven/org.antlr/antlr4-runtime@4.13.0 030
aspectjweaver-1.9.24.jarpkg:maven/org.aspectj/aspectjweaver@1.9.24 049
batik-css-1.18.jarcpe:2.3:a:apache:batik:1.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_graphics_batik:1.18:*:*:*:*:*:*:*		pkg:maven/org.apache.xmlgraphics/batik-css@1.18 0Highest23
batik-i18n-1.18.jarpkg:maven/org.apache.xmlgraphics/batik-i18n@1.18 021
byte-buddy-1.17.7.jarpkg:maven/net.bytebuddy/byte-buddy@1.17.7 029
cache-api-1.1.1.jarpkg:maven/javax.cache/cache-api@1.1.1 023
classmate-1.7.0.jarpkg:maven/com.fasterxml/classmate@1.7.0 052
commons-codec-1.18.0.jarpkg:maven/commons-codec/commons-codec@1.18.0 0121
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-compress-1.27.1.jarcpe:2.3:a:apache:commons_compress:1.27.1:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.27.1 0Highest109
commons-io-2.18.0.jarcpe:2.3:a:apache:commons_io:2.18.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.18.0 0Highest125
commons-lang3-3.17.0.jarcpe:2.3:a:apache:commons_lang:3.17.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-lang3@3.17.0MEDIUM1Highest145
commons-logging-1.0.4.jarpkg:maven/commons-logging/commons-logging@1.0.4 086
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-text-1.13.0.jarcpe:2.3:a:apache:commons_text:1.13.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.13.0 0Highest73
curvesapi-1.08.jarpkg:maven/com.github.virtuald/curvesapi@1.08 023
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-107:3.10.9)pkg:maven/org.ehcache.modules/ehcache-107@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-api:3.10.9)pkg:maven/org.ehcache.modules/ehcache-api@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-core:3.10.9)pkg:maven/org.ehcache.modules/ehcache-core@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.9)pkg:maven/org.ehcache.modules/ehcache-impl@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.9)pkg:maven/org.ehcache.modules/ehcache-xml-spi@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.9)pkg:maven/org.ehcache.modules/ehcache-xml@3.10.9 021
ehcache-3.10.9.jar (shaded: org.ehcache:sizeof:0.4.3)pkg:maven/org.ehcache/sizeof@0.4.3 013
ehcache-3.10.9.jar (shaded: org.terracotta:fast-restartable-store:1.6.10)pkg:maven/org.terracotta/fast-restartable-store@1.6.10 010
ehcache-3.10.9.jar (shaded: org.terracotta:offheap-store:2.5.5)pkg:maven/org.terracotta/offheap-store@2.5.5 020
ehcache-3.10.9.jar (shaded: org.terracotta:statistics:2.1.2)pkg:maven/org.terracotta/statistics@2.1.2 025
ehcache-3.10.9.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.17)pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.17 019
ehcache-3.10.9.jarcpe:2.3:a:service_project:service:3.10.9:*:*:*:*:*:*:*pkg:maven/org.ehcache/ehcache@3.10.9 0Low54
ehcache-3.10.9.jar: sizeof-agent.jar 08
exp4j-0.4.8.jarpkg:maven/net.objecthunter/exp4j@0.4.8 034
fides-tool-api-1.0.jarpkg:maven/eu.imdr/fides-tool-api@1.0 022
fides-tool-common-1.0.jarpkg:maven/eu.imdr/fides-tool-common@1.0 020
fides-tool-engine-1.0.jarpkg:maven/eu.imdr/fides-tool-engine@1.0 022
fides-tool-persistence-1.0.jarpkg:maven/eu.imdr/fides-tool-persistence@1.0 022
fides-tool-ui-1.5.6.jarpkg:maven/eu.imdr/fides-tool-ui@1.5.6 023
flatlaf-3.5.jarcpe:2.3:a:laf:laf:3.5:*:*:*:*:*:*:*pkg:maven/com.formdev/flatlaf@3.5 0High31
flatlaf-3.5.jar: flatlaf-windows-arm64.dll 04
flatlaf-3.5.jar: flatlaf-windows-x86.dll 04
flatlaf-3.5.jar: flatlaf-windows-x86_64.dll 02
h2-2.4.240.jarcpe:2.3:a:h2database:h2:2.4.240:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.4.240MEDIUM1Highest44
h2-2.4.240.jar: data.zip: table.js 00
h2-2.4.240.jar: data.zip: tree.js 00
hibernate-commons-annotations-7.0.3.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@7.0.3.Final 038
hibernate-core-6.6.29.Final.jarcpe:2.3:a:hibernate:hibernate_orm:6.6.29:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-core@6.6.29.Final 0Highest43
hibernate-jcache-6.6.13.Final.jarcpe:2.3:a:hibernate:hibernate_orm:6.6.13:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-jcache@6.6.13.Final 0Highest47
istack-commons-runtime-4.1.2.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.1.2 029
jackson-core-2.19.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.19.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.2 0Low47
jackson-databind-2.19.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.19.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.19.2:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.19.2 0Highest41
jakarta.activation-api-2.1.4.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.4 045
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jakarta.persistence-api-3.1.0.jarpkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 040
jakarta.transaction-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 0Low50
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 031
jandex-3.2.0.jarpkg:maven/io.smallrye/jandex@3.2.0 027
jaxb-core-4.0.5.jarpkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5 040
jaxb-runtime-4.0.5.jarpkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.5 042
jboss-logging-3.6.1.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.6.1.Final 043
jsch-0.1.55.jarcpe:2.3:a:jcraft:jsch:0.1.55:*:*:*:*:*:*:*pkg:maven/com.jcraft/jsch@0.1.55 0Highest34
jsch-0.2.17.jarcpe:2.3:a:jcraft:jsch:0.2.17:*:*:*:*:*:*:*pkg:maven/com.github.mwiede/jsch@0.2.17 0Highest56
jul-to-slf4j-2.0.17.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.17 031
log4j-api-2.24.3.jarcpe:2.3:a:apache:log4j:2.24.3:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.24.3MEDIUM1Highest41
log4j-to-slf4j-2.24.3.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.24.3 037
logback-classic-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.5.18 0Highest38
logback-core-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.18HIGH2Highest39
lombok-1.18.32.jarpkg:maven/org.projectlombok/lombok@1.18.32 036
lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar 07
micrometer-commons-1.15.4.jarcpe:2.3:a:4d:4d:1.15.4:*:*:*:*:*:*:*pkg:maven/io.micrometer/micrometer-commons@1.15.4 0Low65
nimbus-jose-jwt-10.0.2.jar (shaded: com.github.stephenc.jcip:jcip-annotations:1.0-1)pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 013
nimbus-jose-jwt-10.0.2.jar (shaded: com.google.code.gson:gson:2.12.1)cpe:2.3:a:google:gson:2.12.1:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.12.1 0Highest9
nimbus-jose-jwt-10.0.2.jarcpe:2.3:a:connect2id:nimbus_jose\+jwt:10.0.2:*:*:*:*:*:*:*pkg:maven/com.nimbusds/nimbus-jose-jwt@10.0.2 0Highest51
poi-5.4.1.jarcpe:2.3:a:apache:poi:5.4.1:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@5.4.1 0Highest35
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 029
snakeyaml-2.4.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.4:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.4 0Highest42
spring-boot-3.5.6.jarcpe:2.3:a:vmware:spring_boot:3.5.6:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.5.6 0Highest38
spring-boot-devtools-3.5.6.jarcpe:2.3:a:vmware:spring_boot:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_boot_tools:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_tools:3.5.6:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-devtools@3.5.6 0Highest40
spring-boot-devtools-3.5.6.jar: livereload.js 00
spring-core-6.2.11.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.11:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.11:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.2.11 0Highest41
spring-data-commons-3.5.4.jarcpe:2.3:a:pivotal_software:spring_data_commons:3.5.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-commons@3.5.4 0Highest32
spring-data-jpa-3.5.4.jarcpe:2.3:a:pivotal_software:spring_data_jpa:3.5.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-jpa@3.5.4 0Highest30
spring-security-core-6.5.5.jarcpe:2.3:a:pivotal_software:spring_security:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.5.5:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.5.5 0Highest38
std-commons-desktop-7.0.jarpkg:maven/com.satodev/std-commons-desktop@7.0 017
std-commons-oneui-7.0.jarpkg:maven/com.satodev/std-commons-oneui@7.0 017
std-commons-spring-7.0.jarpkg:maven/com.satodev/std-commons-spring@7.0 017
std-commons-utils-7.0.jarcpe:2.3:a:utils_project:utils:7.0:*:*:*:*:*:*:*pkg:maven/com.satodev/std-commons-utils@7.0 0Highest17
txw2-4.0.5.jarpkg:maven/org.glassfish.jaxb/txw2@4.0.5 034
validation-api-2.0.1.Final.jarpkg:maven/javax.validation/validation-api@2.0.1.Final 050
xml-apis-ext-1.3.04.jarcpe:2.3:a:apache:commons_lang:1.3.04:*:*:*:*:*:*:*pkg:maven/xml-apis/xml-apis-ext@1.3.04 0Low35
xmlbeans-5.3.0.jarcpe:2.3:a:apache:xmlbeans:5.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@5.3.0 0Highest37
xmlgraphics-commons-2.10.jarcpe:2.3:a:apache:xmlgraphics_commons:2.10:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.10 0Highest29

Dependencies (vulnerable)

HikariCP-6.3.3.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/zaxxer/HikariCP/6.3.3/HikariCP-6.3.3.jar
MD5: a5c7bb14f24a598a87118c9f73641466
SHA1: 7c5aec1e47a97ff40977e0193018865304ea9585
SHA256:709f378c05756280939ce50fc1b1f1a53bb8e1899dc1b249f21f12703640b48b
Referenced In Project/Scope: fides-tool-ui-desktop:compile
HikariCP-6.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

SparseBitSet-1.3.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar
MD5: fbe27bb4c05e8719b7fff5aa71a57364
SHA1: 533eac055afe3d5f614ea95e333afd6c2bde8f26
SHA256:f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a
Referenced In Project/Scope: fides-tool-ui-desktop:compile
SparseBitSet-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

angus-activation-2.0.2.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/org/eclipse/angus/angus-activation/2.0.2/angus-activation-2.0.2.jar
MD5: 42bba74155dc773eca277ee7a16f74be
SHA1: 41f1e0ddd157c856926ed149ab837d110955a9fc
SHA256:6dd3bcffc22bce83b07376a0e2e094e4964a3195d4118fb43e380ef35436cc1e
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
angus-activation-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

ant-1.10.14.jar

File Path: /var/jenkins_home/.m2/repository/org/apache/ant/ant/1.10.14/ant-1.10.14.jar
MD5: 263e00d844d0e4efa54440ec5ed6362a
SHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7
SHA256:4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671
Referenced In Project/Scope: fides-tool-ui-desktop:provided
ant-1.10.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.ant/ant-jsch@1.10.14

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /var/jenkins_home/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: fides-tool-ui-desktop:compile
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

aspectjweaver-1.9.24.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar
MD5: d95bb9406a5351d45a02145777b9a241
SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379
SHA256:75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa
Referenced In Project/Scope: fides-tool-ui-desktop:compile
aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

batik-css-1.18.jar

Description:

Batik CSS engine

File Path: /var/jenkins_home/.m2/repository/org/apache/xmlgraphics/batik-css/1.18/batik-css-1.18.jar
MD5: 3c84f96ad95b3f2ff868f4fca2e599e5
SHA1: 639787c5503d058420eddc663f06ea8e05cc712d
SHA256:3d62a9b1f492fea44b36e9947367ee22501009da262d818df5a33b1808b1e09f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
batik-css-1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers

batik-i18n-1.18.jar

Description:

Batik i18n library

File Path: /var/jenkins_home/.m2/repository/org/apache/xmlgraphics/batik-i18n/1.18/batik-i18n-1.18.jar
MD5: 32c60445f4efa48aa8f93c144f2668d7
SHA1: 816b3f791b95cc0a0cec616028a869ecc790dd4d
SHA256:cc4a2a50380a6e6295f59ef6468d351e6771e3adf68c12d79c6007e4b1cb25cc
Referenced In Project/Scope: fides-tool-ui-desktop:compile
batik-i18n-1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers

byte-buddy-1.17.7.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/net/bytebuddy/byte-buddy/1.17.7/byte-buddy-1.17.7.jar
MD5: 209b2faed508ed6804df6982f8fd2c16
SHA1: 3856bfab61beb23e099a0d6629f2ba8de4b98ace
SHA256:3575dcb8a98faf943d3c1595c47a16047c4fce8a83ebbb26262f1a2f67546357
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
byte-buddy-1.17.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

cache-api-1.1.1.jar

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/javax/cache/cache-api/1.1.1/cache-api-1.1.1.jar
MD5: dfdac9358e140e61c574abb1ada84dc9
SHA1: c56fb980eb5208bfee29a9a5b9d951aba076bd91
SHA256:9f34e007edfa82a7b2a2e1b969477dcf5099ce7f4f926fb54ce7e27c4a0cd54b
Referenced In Project/Scope: fides-tool-ui-desktop:compile
cache-api-1.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

classmate-1.7.0.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/fasterxml/classmate/1.7.0/classmate-1.7.0.jar
MD5: 3b8f14fe92feb865a8205aa63c5ed769
SHA1: 0e98374da1f2143ac8e6e0a95036994bb19137a3
SHA256:cb868f231c5cceb89d795ea00e6e1b7a93b8f4ac1ce1d8be76dde322dff4a046
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
classmate-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

commons-codec-1.18.0.jar

Description:

     The Apache Commons Codec component contains encoders and decoders for
     formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/commons-codec/commons-codec/1.18.0/commons-codec-1.18.0.jar
MD5: 2abf189633424b9292fd57a3192c0ed5
SHA1: ee45d1cf6ec2cc2b809ff04b4dc7aec858e0df8f
SHA256:ba005f304cef92a3dede24a38ad5ac9b8afccf0d8f75839d6c1338634cf7f6e4
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-codec-1.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

commons-compress-1.27.1.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/commons/commons-compress/1.27.1/commons-compress-1.27.1.jar
MD5: 1db4bd87b0082044c6e7a6af0b977a3e
SHA1: a19151084758e2fbb6b41eddaa88e7b8ff4e6599
SHA256:293d80f54b536b74095dcd7ea3cf0a29bbfc3402519281332495f4420d370d16
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-compress-1.27.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

commons-io-2.18.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/commons-io/commons-io/2.18.0/commons-io-2.18.0.jar
MD5: 8cce74ccf461cd6502ae04c908eca917
SHA1: 44084ef756763795b31c578403dd028ff4a22950
SHA256:f3ca0f8d63c40e23a56d54101c60d5edee136b42d84bfb85bc7963093109cf8b
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-io-2.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

commons-lang3-3.17.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

CVE-2025-48924  

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-logging-1.0.4.jar

Description:

Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /var/jenkins_home/.m2/repository/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar
MD5: 8a507817b28077e0478add944c64586a
SHA1: f029a2aefe2b3e1517573c580f948caac31b1056
SHA256:e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-logging-1.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

commons-text-1.13.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/commons/commons-text/1.13.0/commons-text-1.13.0.jar
MD5: 4b4766452c04316e3ef6ffe3490d6b10
SHA1: ba2ed5521c491cabf7ecdb57f77922561c2e8958
SHA256:1e323a501127df78ed0987f345d69d65d0ea7fa3d4fb5b3f84aaeba3a8b20f38
Referenced In Project/Scope: fides-tool-ui-desktop:compile
commons-text-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

curvesapi-1.08.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /var/jenkins_home/.m2/repository/com/github/virtuald/curvesapi/1.08/curvesapi-1.08.jar
MD5: fc3aed90346691e7c79da06bb6606beb
SHA1: 3d3d36568154059825089b289dcfca481fe44e2c
SHA256:ad95b08b8bbf9d7d17e5e00814898fa23324f32bc5b62f1a37801e6a56ce0079
Referenced In Project/Scope: fides-tool-ui-desktop:compile
curvesapi-1.08.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-107:3.10.9)

Description:

The JSR-107 compatibility module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml
MD5: 3e9d99c512303ef275b02e8ce9cb2c7d
SHA1: e35d5eab1f56cb5080d6af1a3c63a8d6518dcaf4
SHA256:3b4cc7a9e5779cc0dfb60833252928cabf6086e5503489da8247f85a8d62d1fd
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-api:3.10.9)

Description:

The API module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml
MD5: 601fa12cf135e831aacd37ae34712e9a
SHA1: 8361b135d76240bed3aaec811ba342d158087f2f
SHA256:ea857512c008c0d555c378b8e1cfce272405e9fb60888e9e57424262ca657734
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-core:3.10.9)

Description:

The Core module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml
MD5: 061a4bd861a4d29f9b786b47d9635014
SHA1: bdce3f9d0f6a27316414bbc8022581863d6fd241
SHA256:93fdb9ca82a212876a6680d49793cedcde06c0f107207f1c4ae83b3b2491cf7c
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.9)

Description:

The implementation module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml
MD5: 4d9767d55ea8d32afd6ce5197047f1c8
SHA1: 7ab36b6dda8a1d57a35fb9e5b6731e8446bf0a80
SHA256:fad7aceb8e91d1e3cf6b984826cf1364a3f3d41bc1f8f59a6bb26fbd5fd47bb4
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.9)

Description:

This module contains the XML parsing SPI for Ehcache 3. This allows Ehcache extension services to provide XML configuration capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-xml-spi/pom.xml
MD5: 0fdc12d35c3b82110a6601869615698e
SHA1: b3988d89ef1edd03ce1b304db18375c03551c6ef
SHA256:e122fb7b9c7ad560a34da6df49db182035b3c7709927922ea0b771c02624e4de
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.9)

Description:

The module containing all XML parsing logic Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml
MD5: 18b7941044501bb7413d4d1b253e2dd7
SHA1: faf12f5ef9f9a4c667850c9d68f4e6c952272744
SHA256:541eba0603acd33677be138dfb5b41a4818704e4d6921bbe2da1c312584bc3b0
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.ehcache:sizeof:0.4.3)

Description:

SizeOf engine, extracted from Ehcache

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.ehcache/sizeof/pom.xml
MD5: c0ad3baef0ef03d4ca849743f1f26b70
SHA1: 8589b7bd18f4b3e12cd222a44bdcbbada5363da8
SHA256:9c03a981dbff96ff6b7d74dffb5e8a9a46bb66e06ba98d18f6b8ff4472bd0709
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.terracotta:fast-restartable-store:1.6.10)

File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.terracotta/fast-restartable-store/pom.xml
MD5: 8f0f230c65db7e3c578e8869e7187a82
SHA1: 7dc4a86d5fe3f0531c10df047271076d738ebe4a
SHA256:7cbeb173bc14daac42de34f30e317f36e37043b2beb04c77a3518c1d90380415
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.terracotta:offheap-store:2.5.5)

Description:

A library that offers data structures allocated off the java heap.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml
MD5: f7bf911658d136d41dd38ec3111608e8
SHA1: 3363fddddcf6fe228d4bd684d79f7ffd1c9876df
SHA256:2739a6e286415e85e05a9fa2f74428b7a8cbc6dd5c8325f0f03655cefedde1b2
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.terracotta:statistics:2.1.2)

Description:

A statistics framework used inside Ehcache and the Terracotta products

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.terracotta/statistics/pom.xml
MD5: 9df3f5a18142de19c1c7f379885a4391
SHA1: 305a0214578ebf1c14e8d78adce1a5af028c8132
SHA256:25c36806fdcd2ab5e4c1c1c5625bc4f966c10a4a93ab3dd321aa82b3f9e43081
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.17)

Description:

Utility classes/methods for common Java tasks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml
MD5: 16fb5cf823dc55ddcebbe66a600fc55d
SHA1: 895abb2757ea0e257a12f700247fe7e4432bf9c4
SHA256:0f4b9612a048634f484856cd6e3341e5bcc912eb8f0ec3d5bba5bedf76c8ca87
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

ehcache-3.10.9.jar

Description:

End-user ehcache3 jar artifact

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar
MD5: 916b64a3f93df9e99c08231fd666c522
SHA1: 19c98036524575bff4bb040ecac9cf547cc175cc
SHA256:f22d97693b02b5b95169799340c009862f4935082130b630bb64780dbafaf718
Referenced In Project/Scope: fides-tool-ui-desktop:compile
ehcache-3.10.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

ehcache-3.10.9.jar: sizeof-agent.jar

File Path: /var/jenkins_home/.m2/repository/org/ehcache/ehcache/3.10.9/ehcache-3.10.9.jar/org/ehcache/sizeof/impl/sizeof-agent.jar
MD5: 532dbbf741bfb7f531938786bc0bb970
SHA1: 4e5d8c485b09104825c0d8ec635f775ab522be06
SHA256:60e093acb08d3bc30235ef15941380195cbb85b1ec8b4afd672249f9c530e356
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

  • None

exp4j-0.4.8.jar

Description:

A simple mathematical expression evaluator for java.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/.m2/repository/net/objecthunter/exp4j/0.4.8/exp4j-0.4.8.jar
MD5: 5c554588bdf3319842a4fa66136c0119
SHA1: cf1cfc0f958077d86ac7452c7e36d944689b2ec4
SHA256:271f7824ee8a3468257bc0613afdabb67597af8389317643fa806b983b7ecb27
Referenced In Project/Scope: fides-tool-ui-desktop:compile
exp4j-0.4.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

fides-tool-api-1.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Fides/fides-tool-api/target/fides-tool-api-1.0.jar
MD5: eb9c2a9db56b43312f1a5915842ce76d
SHA1: 45e018e3c4c72efea1a96c78fefb5e11b79017e3
SHA256:4da7663264d20ec91db9954c823a5e223d73b9165c7c1753bca5878d7916b762
Referenced In Project/Scope: fides-tool-ui-desktop:compile
fides-tool-api-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

fides-tool-common-1.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Fides/fides-tool-common/target/fides-tool-common-1.0.jar
MD5: 69f6a6f3bafd07d1fe6427b23876111a
SHA1: 943a63351cf2cb5d67deaa587eb6ec6fb149ef3e
SHA256:3d3ae4e8c38641ff9202cd78a21de53eee5cee63d72839cc29b09568cbcc3eff
Referenced In Project/Scope: fides-tool-ui-desktop:compile
fides-tool-common-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

fides-tool-engine-1.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Fides/fides-tool-engine/target/fides-tool-engine-1.0.jar
MD5: d239deee1887075e873b41e5ddb679b9
SHA1: 30ead189b9aac2b20399e46e4824c8a7921b67b7
SHA256:f9c5288a6518c8a8418bf7fd23738ab39301fe5c111f47d4144eb0b7b6c38103
Referenced In Project/Scope: fides-tool-ui-desktop:compile
fides-tool-engine-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

fides-tool-persistence-1.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Fides/fides-tool-persistence/target/fides-tool-persistence-1.0.jar
MD5: 96e06b053b7cfdfa0ceb1918827b88fd
SHA1: f22aa04d09f244bb6d2e24ab59a7b51a879597d5
SHA256:dc3d7899cb3331897457d5d4724fbf1b5a78c10d06f4562e28912621dee77ee1
Referenced In Project/Scope: fides-tool-ui-desktop:compile
fides-tool-persistence-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

fides-tool-ui-1.5.6.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Fides/fides-tool-ui/target/fides-tool-ui-1.5.6.jar
MD5: bbfef51573d7df480415b9b0da5e6496
SHA1: 1a1a69861e0b091e88c6134d882fb325d88fb494
SHA256:ebdb333ad80b653be88bae669d49a05db31166d11963792610f0568adb584388
Referenced In Project/Scope: fides-tool-ui-desktop:compile
fides-tool-ui-1.5.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

flatlaf-3.5.jar

Description:

Flat Look and Feel

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/formdev/flatlaf/3.5/flatlaf-3.5.jar
MD5: f37660c8d78199e83434430e4aad59aa
SHA1: 5ba0ba8ca4a1942bfff4a2771565f125c07a56a6
SHA256:0ead65f732e0934c6674e040deeb5e4c05fd932604a51bb1bf066d8909679769
Referenced In Project/Scope: fides-tool-ui-desktop:compile
flatlaf-3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers

flatlaf-3.5.jar: flatlaf-windows-arm64.dll

File Path: /var/jenkins_home/.m2/repository/com/formdev/flatlaf/3.5/flatlaf-3.5.jar/com/formdev/flatlaf/natives/flatlaf-windows-arm64.dll
MD5: 9adc1896f6c8ee163fc6fd4189fd84c7
SHA1: 092c692c71b82a8aa955abcae683e71394b8091b
SHA256:7c3073c6fe96be83eeddc2380e73cd3c591d44810c1249ed2cd51c50836f2a07
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

  • None

flatlaf-3.5.jar: flatlaf-windows-x86.dll

File Path: /var/jenkins_home/.m2/repository/com/formdev/flatlaf/3.5/flatlaf-3.5.jar/com/formdev/flatlaf/natives/flatlaf-windows-x86.dll
MD5: e2356ea2ea840926c817709dc577979d
SHA1: ba74d19365968acd9eef79f57590b64480ac83ea
SHA256:a5415cd32df7aeff6f9b39fb08767ba47d75f4c93d8cf409e6ea95e87530c4d3
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

  • None

flatlaf-3.5.jar: flatlaf-windows-x86_64.dll

File Path: /var/jenkins_home/.m2/repository/com/formdev/flatlaf/3.5/flatlaf-3.5.jar/com/formdev/flatlaf/natives/flatlaf-windows-x86_64.dll
MD5: b785b258aec2821d114cad48eb6992dc
SHA1: c7d147ff7c92a2a72fbe63aca888a424b4684d52
SHA256:1056954c89c770358d8871f6d69e16bce5fc76f19e8d145a2388f7badd7cdff3
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

  • None

h2-2.4.240.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /var/jenkins_home/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar
MD5: fb14a47b07dfd4381a608d3adb89dc25
SHA1: 686180ad33981ad943fdc0ab381e619b2c2fdfe5
SHA256:29b70e427cc1c40cdc376283adbb0cc62853073797bb5fe5761f81fe73d57ce0
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
h2-2.4.240.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.4.240:*:*:*:*:*:*:*

h2-2.4.240.jar: data.zip: table.js

File Path: /var/jenkins_home/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: ca07fc6140e278428c7704453d30bed5
SHA1: 8044d5d7aecfa0cd1cbb897af398492ac5c8af7e
SHA256:968e1c570a30b2383db9fc67150ac924df171fe587c44996bdd08f2f14b7a017
Referenced In Project/Scope: fides-tool-ui-desktop:runtime

Identifiers

  • None

h2-2.4.240.jar: data.zip: tree.js

File Path: /var/jenkins_home/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: c2620dfa674439d78be770a2588a3e56
SHA1: 0c6bc6d3eb88131d071938de4e5514e1f182e1f9
SHA256:9f933afa133f72bd51e7904e54792418ed1595e35005e48b72af1f7fbccd8963
Referenced In Project/Scope: fides-tool-ui-desktop:runtime

Identifiers

  • None

hibernate-commons-annotations-7.0.3.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

Apache License Version 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/jenkins_home/.m2/repository/org/hibernate/common/hibernate-commons-annotations/7.0.3.Final/hibernate-commons-annotations-7.0.3.Final.jar
MD5: 6698f99235fe6d36c42caaf2e6b52797
SHA1: e183c4be8bb41d12e9f19b374e00c34a0a85f439
SHA256:0db2fd57d5e43688ac6ed5cdf36deaf05d84340dcc24c2dd2a2114de38e5175d
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
hibernate-commons-annotations-7.0.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

hibernate-core-6.6.29.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /var/jenkins_home/.m2/repository/org/hibernate/orm/hibernate-core/6.6.29.Final/hibernate-core-6.6.29.Final.jar
MD5: 803edf8cbb9c6e5dd1b856fb08969c87
SHA1: d12db68bb867e2fe6e68740b3fba3d1d633f77ff
SHA256:a769334ed1b477afc7f3c1ec4f368d1dcd9f6535ab272a8560037e4f163a0a1f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
hibernate-core-6.6.29.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

hibernate-jcache-6.6.13.Final.jar

Description:

Integration for javax.cache into Hibernate as a second-level caching service

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /var/jenkins_home/.m2/repository/org/hibernate/orm/hibernate-jcache/6.6.13.Final/hibernate-jcache-6.6.13.Final.jar
MD5: ecfe70696fa3ae18476f0b55209455e4
SHA1: 555049af043f6cdec0f4f2f637a5a41f49b738a0
SHA256:48fbaf23cb96d8d6ef3317087ca472943cb6042761d7baae1f2a96dddc87c704
Referenced In Project/Scope: fides-tool-ui-desktop:compile
hibernate-jcache-6.6.13.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

istack-commons-runtime-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.2/istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
istack-commons-runtime-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jackson-core-2.19.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.19.2/jackson-core-2.19.2.jar
MD5: b3843578b0753a9a685eea819dea3ab7
SHA1: 50f3b4bd59b9ff51a0ed493e7b5abaf5c39709bf
SHA256:aa77eaf29293a868c47372194f7c5287d77d9370b04ea25d3fffc1e4904b5880
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jackson-core-2.19.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-json@3.5.6

Identifiers

jackson-databind-2.19.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.19.2/jackson-databind-2.19.2.jar
MD5: 856506e1d49091e89599a3ef34990597
SHA1: 46509399d28f57ca32c6bb4b0d4e10e8f062051e
SHA256:0a1bd4e9b0d670e632d40ee8c625ad376233502f03c2f5889baea95d025b47a7
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jackson-databind-2.19.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-json@3.5.6

Identifiers

jakarta.activation-api-2.1.4.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.4/jakarta.activation-api-2.1.4.jar
MD5: bc1602eee7bc61a0b86f14bbbb0cc794
SHA1: 9e5c2a0d75dde71a0bedc4dbdbe47b78a5dc50f8
SHA256:c9db52100ce6c8aac95cc39075f95720d2e561b11f8051b81c121ad4effd7004
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jakarta.activation-api-2.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/jenkins_home/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/jenkins_home/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jandex-3.2.0.jar

Description:

SmallRye Build Parent POM

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/io/smallrye/jandex/3.2.0/jandex-3.2.0.jar
MD5: 703254a1bd4c37efeebdc0a283c65565
SHA1: f17ad860f62a08487b9edabde608f8ac55c62fa7
SHA256:6da3e9ce8d0c0a433f3e7ce610a3c66accb00c71fee67aa0ff3e5a841395ac15
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jandex-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jaxb-core-4.0.5.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.5/jaxb-core-4.0.5.jar
MD5: ab09aef6bebd4438b0a02707881801e4
SHA1: 007b4b11ea5542eea4ad55e1080b23be436795b3
SHA256:ad3fd9bf00de3eda9859f70b6cfb011e2fe9904804e16a2665092888ece0fdca
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jaxb-core-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jaxb-runtime-4.0.5.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/.m2/repository/org/glassfish/jaxb/jaxb-runtime/4.0.5/jaxb-runtime-4.0.5.jar
MD5: c7384f1f95b8a8e15291485ff9dbe4f3
SHA1: ca84c2a7169b5293e232b9d00d1e4e36d4c3914a
SHA256:485d8940e76373a7f300815ea5504bf5b726c234425ad30971019d133124cca4
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jaxb-runtime-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jboss-logging-3.6.1.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/jboss/logging/jboss-logging/3.6.1.Final/jboss-logging-3.6.1.Final.jar
MD5: acab989faf62db02c092448e95614fab
SHA1: 886afbb445b4016a37c8960a7aef6ebd769ce7e5
SHA256:5e08a4b092dc85b337f0910a740571d8720cfa565fabd880a8caf94a657ca416
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
jboss-logging-3.6.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

jsch-0.1.55.jar

Description:

JSch is a pure Java implementation of SSH2

License:

Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: /var/jenkins_home/.m2/repository/com/jcraft/jsch/0.1.55/jsch-0.1.55.jar
MD5: c395ada0fc012d66f11bd30246f6c84d
SHA1: bbd40e5aa7aa3cfad5db34965456cee738a42a50
SHA256:d492b15a6d2ea3f1cc39c422c953c40c12289073dbe8360d98c0f6f9ec74fc44
Referenced In Project/Scope: fides-tool-ui-desktop:provided
jsch-0.1.55.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.ant/ant-jsch@1.10.14

Identifiers

jsch-0.2.17.jar

Description:

JSch is a pure Java implementation of SSH2

License:

Revised BSD: https://github.com/mwiede/jsch/blob/master/LICENSE.txt
Revised BSD: https://github.com/mwiede/jsch/blob/master/LICENSE.JZlib.txt
ISC: https://github.com/mwiede/jsch/blob/master/LICENSE.jBCrypt.txt
File Path: /var/jenkins_home/.m2/repository/com/github/mwiede/jsch/0.2.17/jsch-0.2.17.jar
MD5: cab01731fd7e65e13cb509869a3df7fb
SHA1: 1572f8ac4023895c2232160fddd4bfdd8c8e214d
SHA256:744667315fcaaa1b00d2ef177fb2660036a9733f6ccd93a5c87ce800fde6b832
Referenced In Project/Scope: fides-tool-ui-desktop:provided
jsch-0.2.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

jul-to-slf4j-2.0.17.jar

Description:

JUL to SLF4J bridge

License:

https://opensource.org/license/mit
File Path: /var/jenkins_home/.m2/repository/org/slf4j/jul-to-slf4j/2.0.17/jul-to-slf4j-2.0.17.jar
MD5: a42936c56611e4794c42908fb3d3a647
SHA1: 524cb6ccc2b68a57604750e1ab8b13b5a786a6aa
SHA256:a7afcd23b9cfd1475e55c94f943b808c5922035e7e2c2a5c65a487a4106bc538
Referenced In Project/Scope: fides-tool-ui-desktop:compile
jul-to-slf4j-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

log4j-api-2.24.3.jar

Description:

The logging API of the Log4j project.
    Library and application code can log through this API.
    It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
    Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/logging/log4j/log4j-api/2.24.3/log4j-api-2.24.3.jar
MD5: d89516699543c5c21be87ee1760695f3
SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370
SHA256:5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
log4j-api-2.24.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

CVE-2025-68161  

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the  verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName  configuration attribute or the  log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName  system property is set to true.

This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:

  *  The attacker is able to intercept or redirect network traffic between the client and the log receiver.
  *  The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).


Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.

As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.
CWE-295 Improper Certificate Validation, CWE-297 Improper Validation of Certificate with Host Mismatch

CVSSv4:
  • Base Score: MEDIUM (6.3)
  • Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
CVSSv3:
  • Base Score: MEDIUM (4.8)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

log4j-to-slf4j-2.24.3.jar

Description:

Forwards the Log4j API calls to SLF4J.
    (Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.24.3/log4j-to-slf4j-2.24.3.jar
MD5: 1f4b63f9c41f2f5179aa10b35d76e805
SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7
SHA256:c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
log4j-to-slf4j-2.24.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

logback-classic-1.5.18.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /var/jenkins_home/.m2/repository/ch/qos/logback/logback-classic/1.5.18/logback-classic-1.5.18.jar
MD5: 05bd5f5d61a7efe5d5ae362df43377b5
SHA1: fc371f3fc97a639de2d67947cffb7518ec5e3d40
SHA256:3e1533d0321f8815eef46750aee0111b41554f9a4644c3c4d2d404744b09f60f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
logback-classic-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

logback-core-1.5.18.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /var/jenkins_home/.m2/repository/ch/qos/logback/logback-core/1.5.18/logback-core-1.5.18.jar
MD5: 10bcea83842beead15f072799b9c923d
SHA1: 6c0375624f6f36b4e089e2488ba21334a11ef13f
SHA256:85139e7b57b464f8e5e36326dd81317648bed199ccc4f98cd42585f8d7571027
Referenced In Project/Scope: fides-tool-ui-desktop:compile
logback-core-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

CVE-2025-11226 (OSSINDEX)  

ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.



A successful attack requires the presence of Janino library and Spring Framework to be present on the user's class path. In addition, the attacker must  have write access to a 
configuration file. Alternatively, the attacker could inject a malicious 
environment variable pointing to a malicious configuration file. In both 
cases, the attack requires existing privilege.
CWE-20 Improper Input Validation

CVSSv4:
  • Base Score: HIGH (7.300000190734863)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.5.18:*:*:*:*:*:*:*

CVE-2026-1225 (OSSINDEX)  

ACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.




The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must  have write access to a 
configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.
CWE-20 Improper Input Validation

CVSSv4:
  • Base Score: LOW (1.7999999523162842)
  • Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.5.18:*:*:*:*:*:*:*

lombok-1.18.32.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /var/jenkins_home/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar
MD5: 56e9be7b9a26802ac0c784ad824f3a29
SHA1: 17d46b3e205515e1e8efd3ee4d57ce8018914163
SHA256:97574674e2a25f567a313736ace00df8787d443de316407d57fc877d9f19a65d
Referenced In Project/Scope: fides-tool-ui-desktop:provided
lombok-1.18.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar

File Path: /var/jenkins_home/.m2/repository/org/projectlombok/lombok/1.18.32/lombok-1.18.32.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 81090c80616485973f6cd4a19d72bbdb
SHA1: ed1e7c8794dea7c7f7050098d56b2751b9f91288
SHA256:e97851350e56f4d1b02356ef61276886831e3a5e33a914ea95e878e2a46df69e
Referenced In Project/Scope: fides-tool-ui-desktop:provided

Identifiers

  • None

micrometer-commons-1.15.4.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/io/micrometer/micrometer-commons/1.15.4/micrometer-commons-1.15.4.jar
MD5: dce057f497778156adf8d890d4f6ee35
SHA1: f73f10deeee5700b15c2f0f41ae79e2689b39613
SHA256:d9971273957d7cd695887cbc680772b75844bfcf3fa7017189171683798b9181
Referenced In Project/Scope: fides-tool-ui-desktop:compile
micrometer-commons-1.15.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-devtools@3.5.6

Identifiers

nimbus-jose-jwt-10.0.2.jar (shaded: com.github.stephenc.jcip:jcip-annotations:1.0-1)

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/nimbusds/nimbus-jose-jwt/10.0.2/nimbus-jose-jwt-10.0.2.jar/META-INF/maven/com.github.stephenc.jcip/jcip-annotations/pom.xml
MD5: 11f9647450c14ff9b341c68782ef071a
SHA1: bdccebfbbbdd66fe56dcdf3bdee7b97a853cccc5
SHA256:68c2a5aa6e8f345743093e52b5b9e0190ba4d5a5215c0a59b4d7d33647208cbb
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

nimbus-jose-jwt-10.0.2.jar (shaded: com.google.code.gson:gson:2.12.1)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/nimbusds/nimbus-jose-jwt/10.0.2/nimbus-jose-jwt-10.0.2.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 54205b633e8a676f5bb25c188631c854
SHA1: d2c3993ff96e5da39a57e5e0b695eda560949b57
SHA256:0b5735ec85f45282f1e2c769779800427b150a8163f405093a9280b71cab1978
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

nimbus-jose-jwt-10.0.2.jar

Description:

        Java library for Javascript Object Signing and Encryption (JOSE) and
        JSON Web Tokens (JWT)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/com/nimbusds/nimbus-jose-jwt/10.0.2/nimbus-jose-jwt-10.0.2.jar
MD5: 98ebb498f6bbcee1049de8a64ff7c52c
SHA1: 93347ea9247ae09e095575e10f9cae79c195fbb8
SHA256:960b978a6cd6cbc3319648adc73959789f6742a2bf1e8dd0c843dbc91624218a
Referenced In Project/Scope: fides-tool-ui-desktop:compile
nimbus-jose-jwt-10.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

poi-5.4.1.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/poi/poi/5.4.1/poi-5.4.1.jar
MD5: d238d8ad583b76119b85c793fc36e0e7
SHA1: e4c74c59e13f62d8edd215756d14ce55566c6efe
SHA256:da5abf42da4604c5a7bca38956af6e9d6f196d9b6d4cb7eabee4f480b580d505
Referenced In Project/Scope: fides-tool-ui-desktop:compile
poi-5.4.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /var/jenkins_home/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: fides-tool-ui-desktop:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

snakeyaml-2.4.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/yaml/snakeyaml/2.4/snakeyaml-2.4.jar
MD5: 29410ee3a987e3bff7b847933c591972
SHA1: e0666b825b796f85521f02360e77f4c92c5a7a07
SHA256:ef779af5d29a9dde8cc70ce0341f5c6f7735e23edff9685ceaa9d35359b7bb7f
Referenced In Project/Scope: fides-tool-ui-desktop:compile
snakeyaml-2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

spring-boot-3.5.6.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/.m2/repository/org/springframework/boot/spring-boot/3.5.6/spring-boot-3.5.6.jar
MD5: 231014f73d50a9f27d683152e13676c9
SHA1: a02f486ab700dad1f81e54cb37651d92a3f9d700
SHA256:4e66f6f3152e148c028977c33ab12c91ae381701b5d9d9951882a84f05ff5fea
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-boot-3.5.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-devtools@3.5.6

Identifiers

spring-boot-devtools-3.5.6.jar

Description:

Spring Boot Developer Tools

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/.m2/repository/org/springframework/boot/spring-boot-devtools/3.5.6/spring-boot-devtools-3.5.6.jar
MD5: 91809d84940c512d788c46fe490672ce
SHA1: cef8469fb0f018e4180f9244ffb8e6076621987e
SHA256:eb65e5a51da7110f3bdfd708fb6ea36d847c3637b69c1ac70298e1aca87797ff
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-boot-devtools-3.5.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

spring-boot-devtools-3.5.6.jar: livereload.js

File Path: /var/jenkins_home/.m2/repository/org/springframework/boot/spring-boot-devtools/3.5.6/spring-boot-devtools-3.5.6.jar/org/springframework/boot/devtools/livereload/livereload.js
MD5: cd0ec67ecbb16eb5808ac021d139b500
SHA1: 4720deaad842bc4e96d26d54f3e9d9f62b6f5b3e
SHA256:22f51f2ab40406e5b31468e3fea7dd413014f7ccbe780d9e2171d27904c6ccdf
Referenced In Project/Scope: fides-tool-ui-desktop:compile

Identifiers

  • None

spring-core-6.2.11.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/.m2/repository/org/springframework/spring-core/6.2.11/spring-core-6.2.11.jar
MD5: 51868fd20036bc3bb237bf06c327dd22
SHA1: 0f4860eb6ea92abb8ae6c5e82e2e7efc395cef8d
SHA256:a1de6ff2d88c05442468360b89f881b77ff7a393b8cd5b1d5758756b2e247f8a
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-core-6.2.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

spring-data-commons-3.5.4.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /var/jenkins_home/.m2/repository/org/springframework/data/spring-data-commons/3.5.4/spring-data-commons-3.5.4.jar
MD5: aaa31b985d10f0d128d2400237d8166c
SHA1: b61f6528cb8b39b471775a4b27f0437f6646f1e6
SHA256:03295fe2e3c60931d46153136b4d8008d9d2e0bd8c7a058ddbfbc5e96779ca0c
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-data-commons-3.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

spring-data-jpa-3.5.4.jar

Description:

Spring Data module for JPA repositories.

File Path: /var/jenkins_home/.m2/repository/org/springframework/data/spring-data-jpa/3.5.4/spring-data-jpa-3.5.4.jar
MD5: 4b07aa3463690622494ca3f5fbc15d2e
SHA1: abd37141d1bd52283aac0d962d6efa1d4d72424b
SHA256:acb41799f540043275c60713b72445e9bf5b4a58faf2ce5716ca9dc993d5b2e3
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-data-jpa-3.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

spring-security-core-6.5.5.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/.m2/repository/org/springframework/security/spring-security-core/6.5.5/spring-security-core-6.5.5.jar
MD5: 66783411d2afa0d62a095029e0c646b8
SHA1: b4010d71d6b53cae574ba3d5c15629ed782f3318
SHA256:22e02475fb304e52fa0f1185d12785fd7aa2fe907aa60b0d77b27f9c455da29e
Referenced In Project/Scope: fides-tool-ui-desktop:compile
spring-security-core-6.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-security@3.5.6

Identifiers

std-commons-desktop-7.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Std-Commons/std-commons-desktop/target/std-commons-desktop-7.0.jar
MD5: 48f2f7a6c279213f1391c6b5c6c07839
SHA1: d61a56b64750dd4cd4fdf4e98baa0bfdac543b6a
SHA256:4f02f19a4cb6238708a93bc5c6926c9ce199ec2ac7480e6848d15be2c64c64ed
Referenced In Project/Scope: fides-tool-ui-desktop:compile
std-commons-desktop-7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui-desktop@1.5.6

Identifiers

std-commons-oneui-7.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Std-Commons/std-commons-oneui/target/std-commons-oneui-7.0.jar
MD5: 11e4696275092f443dc2fc109c981883
SHA1: 27dc6204c597368349b22774178e1b11ae562f03
SHA256:33643d62ff435c49d65c236d8e54b95ef772e2c57ae54c8dea6bae1bdd1b4f41
Referenced In Project/Scope: fides-tool-ui-desktop:compile
std-commons-oneui-7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

std-commons-spring-7.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Std-Commons/std-commons-spring/target/std-commons-spring-7.0.jar
MD5: d1cb6610b8d7561ef7e0ea5d88d95f64
SHA1: 796c93d41aa43c0a8b25a4890b1564a830569893
SHA256:14ae98de7846410435ac0ce752dad2eb1b201636fbcbd6213349088b31829ff7
Referenced In Project/Scope: fides-tool-ui-desktop:compile
std-commons-spring-7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

std-commons-utils-7.0.jar

File Path: /var/jenkins_home/workspace/Fides_Multi_desktop-production/Std-Commons/std-commons-utils/target/std-commons-utils-7.0.jar
MD5: e146037ba8235b86acbbd6c1f2fb8122
SHA1: dc7786e5ebedff59339ec1c553f94a9529e2246d
SHA256:afecd995649f6c4265d83ef4a0f007ff0fe399dd8cc4c9c92643f4cfc92651f0
Referenced In Project/Scope: fides-tool-ui-desktop:compile
std-commons-utils-7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

txw2-4.0.5.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /var/jenkins_home/.m2/repository/org/glassfish/jaxb/txw2/4.0.5/txw2-4.0.5.jar
MD5: 2f5aa7dbd5e326562cff6ce720a1485a
SHA1: f36a4ef12120a9bb06d766d6a0e54b144fd7ed98
SHA256:917355bc451481f30d043b24d123110517966af34383901773882810dca480e5
Referenced In Project/Scope: fides-tool-ui-desktop:runtime
txw2-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-api@1.0

Identifiers

validation-api-2.0.1.Final.jar

Description:

        Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256:9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c
Referenced In Project/Scope: fides-tool-ui-desktop:compile
validation-api-2.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

xml-apis-ext-1.3.04.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

File Path: /var/jenkins_home/.m2/repository/xml-apis/xml-apis-ext/1.3.04/xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
SHA256:d0b4887dc34d57de49074a58affad439a013d0baffa1a8034f8ef2a5ea191646
Referenced In Project/Scope: fides-tool-ui-desktop:compile
xml-apis-ext-1.3.04.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers

xmlbeans-5.3.0.jar

Description:

XmlBeans main jar

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/xmlbeans/xmlbeans/5.3.0/xmlbeans-5.3.0.jar
MD5: 8d5b1d80cafc2d3feae8526ce1f45cb0
SHA1: f93c3ba820d7240b7fec4ec5bc35e7223cc6fc1f
SHA256:6cc69da3b4d35b83c5e477cd4daba204e44109833e34af2b9a8a2c8788289917
Referenced In Project/Scope: fides-tool-ui-desktop:compile
xmlbeans-5.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/eu.imdr/fides-tool-ui@1.5.6

Identifiers

xmlgraphics-commons-2.10.jar

Description:

    Apache XML Graphics Commons is a library that consists of several reusable 
    components used by Apache Batik and Apache FOP. Many of these components 
    can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/2.10/xmlgraphics-commons-2.10.jar
MD5: 92c1ad0e6513acfe797a48baa108a8f3
SHA1: ee7fce93d437d489a323addd1f63f0587b5c4a97
SHA256:857af2d06d002ce217532504244ea8ee831aeb094feb0a47b2697f19496711ea
Referenced In Project/Scope: fides-tool-ui-desktop:compile
xmlgraphics-commons-2.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.satodev/std-commons-desktop@7.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.