Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: owasp-dependency-check-hackazon #3

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency Vulnerability IDs Package Highest Severity CVE Count Confidence Evidence Count
bootstrap.min.js pkg:javascript/bootstrap@3.2.0 MEDIUM 4 3
can.custom.js pkg:javascript/prototypejs@1.6.0.1. HIGH 1 3
jquery-ui.js   0 0
jsr305-1.3.9.jar pkg:maven/com.google.code.findbugs/jsr305@1.3.9   0 18
spin.min.js   0 0
jquery-1.2.1.pack.js pkg:javascript/jquery@1.2.1.pack MEDIUM 3 3
modern-business.js   0 0
bootstrap.min.js   0 0
jquery.jstree.js   0 0
bootstrap.js   0 0
jquery.form-validator.min.js   0 0
bootstrapValidator.min.js   0 0
metisMenu.js   0 0
jquery-1.10.2.js pkg:javascript/jquery@1.10.2 MEDIUM 2 3
server.js   0 0
commons-codec-1.3.jar pkg:maven/commons-codec/commons-codec@1.3
pkg:maven/net.sf.ingenias/common-codec@1.3
  0 47
swfobject.js   0 0
bootstrap.min.js   0 0
commons-lang3-3.3.2.jar pkg:maven/org.apache.commons/commons-lang3@3.3.2   0 37
jquery-ui.js   0 0
commons-io-1.3.2.jar pkg:maven/commons-io/commons-io@1.3.2   0 29
jquery.hotkeys.js   0 0
simpleObject.js   0 0
sb.js   0 0
httpcore-4.0.1.jar pkg:maven/org.apache.httpcomponents/httpcore@4.0.1   0 23
star-rating.min.js   0 0
bootstrap.js pkg:javascript/bootstrap@3.2.0 MEDIUM 4 3
mode-json.js   0 0
jquery.validate.min.js   0 0
history.js   0 0
site.js   0 0
jquery.inputmask.js   0 0
html5shiv.js   0 0
jqplot.enhancedLegendRenderer.js   0 0
worker-json.js   0 0
koExternalTemplateEngine_all.min.js   0 0
jquery-ui.min.js   0 0
prettify.js   0 0
can.custom.min.js   0 0
jquery.jqplot.js   0 0
jquery.dump.js   0 0
tools.js   0 0
google-http-client-jackson2-1.19.0.jar pkg:maven/com.google.http-client/google-http-client-jackson2@1.19.0   0 31
robospice-ui-spicelist-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice-ui-spicelist@1.4.14   0 28
xpath-legacy.js   0 0
services.js   0 0
jquery.form.min.js   0 0
jqplot.barRenderer.js   0 0
metisMenu.min.js   0 0
jquery.modern-blink.js   0 0
json3.min.js   0 0
dataTables.bootstrap.js   0 0
jquery.js pkg:javascript/jquery@1.6.1 MEDIUM 4 3
hackazon.apk   0 2
jquery.js pkg:javascript/jquery@1.7.1 MEDIUM 3 3
jquery.js pkg:javascript/jquery@1.6.1 MEDIUM 4 3
sweety.js   0 0
d3.min.js   0 0
dataparse.js   0 0
arrayObject.js   0 0
gson-2.2.4.jar pkg:maven/com.google.code.gson/gson@2.2.4   0 36
jquery.min.js pkg:javascript/jquery@1.7.1 MEDIUM 3 3
sweety-template.js   0 0
respond-1.4.2.min.js   0 0
robospice-retrofit-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice-retrofit@1.4.14   0 28
google-http-client-android-1.19.0.jar pkg:maven/com.google.http-client/google-http-client-android@1.19.0   0 32
jqplot.categoryAxisRenderer.js   0 0
history.js   0 0
services.js   0 0
bootstrap.file-input.js   0 0
prettify.min.js   0 0
excanvas.js   0 0
commons-logging-1.1.1.jar pkg:maven/commons-logging/commons-logging@1.1.1   0 31
webunit.js   0 0
jquery-speakers_coaches_consultants.js   0 0
moment.min.js pkg:javascript/moment.js@2.8.3 low 1 3
httpclient-4.0.1.jar cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:* pkg:maven/org.apache.httpcomponents/httpclient@4.0.1 MEDIUM 3 Highest 31
knockout.localStorage.js   0 0
robospice-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice@1.4.14   0 25
XMLWriter.js   0 0
swfobject.js   0 0
converter-jackson-1.6.1.jar cpe:2.3:a:square_retrofit_project:square_retrofit:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:squareup:retrofit:1.6.1:*:*:*:*:*:*:*
pkg:maven/com.squareup.retrofit/converter-jackson@1.6.1   0 Highest 22
sb-admin-2.js   0 0
robospice-google-http-client-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice-google-http-client@1.4.14   0 26
retrofit-1.6.1.jar cpe:2.3:a:square_retrofit_project:square_retrofit:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:squareup:retrofit:1.6.1:*:*:*:*:*:*:*
pkg:maven/com.squareup.retrofit/retrofit@1.6.1   0 Highest 17
knockout-2.2.1.js pkg:javascript/knockout@2.2.1 medium 1 3
jquery.min.js pkg:javascript/jquery@1.9.1 MEDIUM 2 3
jquery.heartbeat.js   0 0
jqplot.pointLabels.js   0 0
vuln-config.js   0 0
services.js   0 0
ladda.jquery.min.js   0 0
html5shiv.js   0 0
knockout-templates.js   0 0
jquery.cookie.js   0 0
respond.min.js   0 0
google-http-client-1.19.0.jar pkg:maven/com.google.http-client/google-http-client@1.19.0   0 32
account.js   0 0
json2.js   0 0
helpdesk.nocache.js   0 0
nv.d3.min.js   0 0
bootstrap-dropdown.js   0 0
performanceCharting.js   0 0
jquery.nivo.slider.pack.js   0 0
okhttp-1.6.0.jar cpe:2.3:a:squareup:okhttp:1.6.0:*:*:*:*:*:*:* pkg:maven/com.squareup.okhttp/okhttp@1.6.0 MEDIUM 1 Highest 23
jquery.sparkline.js   0 0
jquery-migrate-1.2.1.js pkg:javascript/jquery-migrate@1.2.1 medium 1 3
ace.js   0 0
robospice-okhttp-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice-okhttp@1.4.14   0 28
x.js   0 0
jquery.dataTables.js   0 0
amfphp_updates.js   0 0
ladda.min.js   0 0
robospice-cache-1.4.14.jar pkg:maven/com.octo.android.robospice/robospice-cache@1.4.14   0 28
site.js   0 0
ekko-lightbox.js   0 0

Dependencies

bootstrap.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.min.js
MD5: abda843684d022f3bc22bc83927fe05f
SHA1: 26908395e7a9a4eab607d80aa50a81d65f3017cb
SHA256:24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f

Identifiers

CVE-2018-14040  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1

can.custom.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/can.custom.js
MD5: 2c217e5e2016a7640706189804d2ee85
SHA1: 535683c6c8b10bc3d8f6179518008710ea3e38d3
SHA256:fab181e0e34b44df6ebc0467dc0b235dffa17f7511fe17f80dd772d0bbc5f0f4

Identifiers

CVE-2008-7220  

Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
NVD-CWE-Other

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:*:*:*:*:*:*:*:* versions up to (including) 1.6.0.1
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre0:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc0:*:*:*:*:*:*

jquery-ui.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery-ui.js
MD5: 3b415de6bb13cb54c8375b81bbec2f1a
SHA1: 99b3e9444d6116d1c651792fb27d920cf905b96b
SHA256:cfd3d71585bc12619307ad59bb9ae4ac6a2ad8d2f41b92d8fe7f9b620acceaaf

Identifiers

  • None

jsr305-1.3.9.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed

Identifiers

spin.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/spin.min.js
MD5: 9200c33782bb46a2e36beb1393a6797d
SHA1: e3cdb00f0eb9b7729b8fe44873bac8734aba3b0f
SHA256:ca64e3f676b38f06ed0eba111776f2bc8ad352b672c0819ec5b9072c342bd35d

Identifiers

  • None

jquery-1.2.1.pack.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery-1.2.1.pack.js
MD5: ebe0ea764139f30972055e9f79972277
SHA1: ca0aea084a63d0a56e1bbf17fde5061f631b391f
SHA256:675a68ab60ce5068044d9a49a989dbf7cf5f051eece9f9d8f32faa1e89dc3912

Identifiers

CVE-2011-4969  

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

modern-business.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/modern-business.js
MD5: c6b4f86f2c77ad213f0ee77cefc01fdb
SHA1: 76db3c9e44b45cae7f07decbafe0e5136906a2e2
SHA256:22e8d55a906828f4a5981a9c5cdf53d349405183c545218e0e6c236e3bc26a38

Identifiers

  • None

bootstrap.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/bootstrap.min.js
MD5: d01e3a1948f9426854ad63b9eef80a77
SHA1: 0c171fd3829587d6b25a6d8c51bd02dff5befae2
SHA256:bdaa5fc9eebff3a3b4c4e89806d2d06e3008390e9a7fb5122fcb98c12114e069

Identifiers

  • None

jquery.jstree.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.jstree.js
MD5: 83c79ad9f72c91c4a78b4437a21254b1
SHA1: bfa1f9e780477f448b80a34a7da881e3edeee968
SHA256:14ea671007331e50d402bca4642aa5a56030ceed37095472de8596dcc6c375d0

Identifiers

  • None

bootstrap.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/bootstrap.js
MD5: c37968e682cc0dd043799ed029f018f7
SHA1: 4851c973a0fa800b57459b7d245d8cfccaa4b348
SHA256:8a0aa0178f4aefe0a15617ff8eb5a2e07f5488d7a66dfbc3c59224909f4711c6

Identifiers

  • None

jquery.form-validator.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.form-validator.min.js
MD5: c089a2d71637dbc8f533eaf16e4afd2d
SHA1: 57d3d2a52db7d727078ad93bd39e81f963a609c6
SHA256:dc87e279fb83d7898f4a2072e8dc7a8201056fd72f3f35857cc167782264d507

Identifiers

  • None

bootstrapValidator.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrapValidator.min.js
MD5: 10eecdbce7bc521d19ad13b420ca155e
SHA1: 9a47b95509335a9345f04e8ce77a58d1723fb31a
SHA256:342baa305def9d8883bda953ffda736ecc9493fd045c0d60d5ad6a59b57375c5

Identifiers

  • None

metisMenu.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/metisMenu/metisMenu.js
MD5: 050f108ef581b91d461e3f71b9e8e2d5
SHA1: 03ca031cc846034796f0941dc44db19cd2cdb17f
SHA256:b94dc956e3b815e404c69ec54ac3a133f9f926a415bf4f01f8fd09694dfd288c

Identifiers

  • None

jquery-1.10.2.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery-1.10.2.js
MD5: 52e798fa363010f95feed65def07037b
SHA1: 9cbc3e88ab78003783e7d440c6fb39445a4126be
SHA256:fa411409e767595b83bf12f7204d69a856031ec9466998358316f6cbbfedd8a6

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

server.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/guzzlehttp/ringphp/tests/Client/server.js
MD5: 88d159b78be1b7fa9212209d4d38aef3
SHA1: 98616b32316b8c365d47211bc6ad13081c951910
SHA256:b232eddc7abce54877b177fecd427834bd783835909cae4b42ac265443974331

Identifiers

  • None

commons-codec-1.3.jar

Description:

The codec package contains simple encoder and decoders for
   various formats such as Base64 and Hexadecimal.  In addition to these
   widely used encoders and decoders, the codec package also maintains a
   collection of phonetic encoding utilities.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-codec-1.3.jar
MD5: 8e149c1053741c03736a52df83974dcc
SHA1: fd32786786e2adb664d5ecc965da47629dca14ba
SHA256:1bafd2ece2e88db4cdf835a7f8f0de65fab5b1147977a5dcc59b7c1b8c6f5080

Identifiers

swfobject.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/swfobject.js
MD5: b9697feec5732af790e8ebe7e1203268
SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80
SHA256:0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff

Identifiers

  • None

bootstrap.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js
MD5: 9e8a05ab617c7e403be79e42f09107fe
SHA1: 3e6ab2b64de4239acb763383a591d76a44053293
SHA256:34c5b7b058640503224a11acd9e5edd7a3d11d6dd1a1d05e9cb971855e798849

Identifiers

  • None

commons-lang3-3.3.2.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256:6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d

Identifiers

jquery-ui.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jqueryui-sortable/jquery-ui.js
MD5: ac2e42f1056abef6bd73d4804866c861
SHA1: 26d2d45da49d59a755078a294f6c71a9f2e621d3
SHA256:1db0372f2f0f3980c7d5a0418a8bbbf487197f85b9cdd5840745fe6ef79d8f4e

Identifiers

  • None

commons-io-1.3.2.jar

Description:

        Commons-IO contains utility classes, stream implementations, file filters, and endian classes.
  

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-io-1.3.2.jar
MD5: 903c04d1fb5d4dc81d95e4be93ff7ecd
SHA1: b6dde38349ba9bb5e6ea6320531eae969985dae5
SHA256:551c13e49dab32aebdb7a70ec9c2767372e58864ae115ef389582e548cffee38

Identifiers

jquery.hotkeys.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.hotkeys.js
MD5: f33d295fe69e3c013132eba0e1181d70
SHA1: 4462ce00ac82d7ceeccb159a8d86fbe4cc0fbfdd
SHA256:2fd3d8e5c325c02763a79a7cbf4d7119f284688a901d7b3f4a07eba9ccc02ba4

Identifiers

  • None

simpleObject.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/phpunit/Tests/_files/JsonData/simpleObject.js
MD5: 74ae259131b0149d39ad5ae616eba1a2
SHA1: 6d308f2b544092d70f23a743364819fac25af7a7
SHA256:854721cfd9971a8c5b57f0691e4dd87820fcd11e278ded9b8af95a8e99ac52ee

Identifiers

  • None

sb.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/sb.js
MD5: 47fc005b3a1918e763499b1770a68158
SHA1: 7d7fd3c9429c3518ab5578be5569174c83d51a08
SHA256:9a20f088c6d6d2131336454224d8b20e85535c5a4f83f74ceee5d91f80300e39

Identifiers

  • None

httpcore-4.0.1.jar

Description:

   HttpComponents Core (Java 1.3 compatible)
  

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/httpcore-4.0.1.jar
MD5: 6c1963fd8ac0c40c004c9e892e0d7703
SHA1: e813b8722c387b22e1adccf7914729db09bcb4a9
SHA256:3b6bf92affa85d4169a91547ce3c7093ed993b41ad2df80469fc768ad01e6b6b

Identifiers

star-rating.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/star-rating.min.js
MD5: 68174b22fc83d4c1caefbd4a34304974
SHA1: 34be9449dcd023a6895fbea496aefde4fff1e789
SHA256:80e3ff7bd6a019fb932a868562a83986186108ef3b3e727b59b0b0d02cd6b940

Identifiers

  • None

bootstrap.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.js
MD5: f91d38466de6410297c6dcd8287abbca
SHA1: 8c639912ccd43078865578e598607d1b847c2373
SHA256:7970f31907d91bf0f19efe8aefee74d6f0a2d8c72b2f8f20a5e297d3c414a78f

Identifiers

CVE-2018-14040  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1

mode-json.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/mode-json.js
MD5: 3db05a95b3b7b469646402318e2e8196
SHA1: fc709bed79ee71234c8f91f9367fcc94837c6ef2
SHA256:9ddc71d20f625c9c051ac945d30328249df3bbe1a5f7cc1f9983042b4239259b

Identifiers

  • None

jquery.validate.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.validate.min.js
MD5: a72798435017907da8f799e47224d22b
SHA1: e1ab4fd55cbb5eb011fab824f6421bf19f62ff52
SHA256:806e0db9e5c58e0fb3216872f36b577c05fd85c132d2857effd68bf617c93b20

Identifiers

  • None

history.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlexClientGenerator/Template/html-template/history/history.js
MD5: bfdb20a4e8165ee19fd4b512d44c9eed
SHA1: 09f254614329c395c56ed8d78993597428cd4014
SHA256:b697997a380196049132034c898bace6ef6e30812ac560d321154ca38ad6fb87

Identifiers

  • None

site.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/site.js
MD5: c02608ca0b841fdc05cdb84dd5af6f62
SHA1: 71c7f9310188e93dcba4eafa9e22d7f0f5047ab9
SHA256:896ec6e789a5b917673c6065348788de91b73bc37f08ee21dbf1c12ae70161cb

Identifiers

  • None

jquery.inputmask.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.inputmask.js
MD5: d72fae0422d995eaec6246f87411fd08
SHA1: 76dff37d9fd6ef17e7ebba095290100c3aa2b721
SHA256:02026c51c88abf2955940bcb47e6e65efe5d6ce1c36542270069b3ecca3a5132

Identifiers

  • None

html5shiv.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/html5shiv.js
MD5: 262bb88879efaaf75c74154fe0308952
SHA1: 2123253519c0bee8a5735958281a73296a66003b
SHA256:b3aa003abf3b6aaf1654fe8669472e3c01dba7bb73be4a8b73a3423cfeeb0e39

Identifiers

  • None

jqplot.enhancedLegendRenderer.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.enhancedLegendRenderer.js
MD5: 9f25a34937f3d4cd176bc0864472afed
SHA1: 8e57bf9cf7fda4fe3ecd16cf77c1abce5419c351
SHA256:8bcf33ad80f4c0cbce5da12f2d3cf884360c82cc59f61728af38c1d71ca94b61

Identifiers

  • None

worker-json.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/worker-json.js
MD5: fba0f1adc8f78c53f43fc92d6842b812
SHA1: ddf5323bc2d0c57dfb7ebe2c5e2b5e32fe5bf1fa
SHA256:98e4b1957db4e83c07260cdf75cf9eb0950eb5cda9707f0ab674bb440547044c

Identifiers

  • None

koExternalTemplateEngine_all.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/koExternalTemplateEngine_all.min.js
MD5: d4267babc387054ed7279e261b724f32
SHA1: ef24e6088bf5553fcfba214cee482a9a10406594
SHA256:9215bf71191307f9b35f1d66561e406ba64faa8186cc082acadf66664ad7cef9

Identifiers

  • None

jquery-ui.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jqueryui-sortable/jquery-ui.min.js
MD5: 17dcf5271d1625874c71f06bc6e8fae9
SHA1: 4400f02bd89d050f7c06b484e3d9456a8161f0e8
SHA256:4e528f02f6efb3b4906ba9ec326aa207280352279299ec3ccf8f20e0f194f03c

Identifiers

  • None

prettify.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/prettify.js
MD5: 5f121e52404a8c33b74e965eef973edd
SHA1: 4a8986f31c6711c08d4f2fbb2481ff2c605e92bd
SHA256:dd2eeda6617cf68822da66253edcbfaf02190ff0d4ca5f55f1e98955afa3a9a7

Identifiers

  • None

can.custom.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/can.custom.min.js
MD5: 0612064db38bc34f246d217669105bf5
SHA1: b579218891051a41cb9605ec3f8d13f5b3a22bdb
SHA256:de832c08a05bf916019952342bfd26a6ee247d2f349e6879350d536f074553bf

Identifiers

  • None

jquery.jqplot.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.jqplot.js
MD5: 7eab074b3b72fcb0fb6f39d0ffa23537
SHA1: 71df2722a3311617a65280b84c1b4c3feb4c5e72
SHA256:54e91d55b6a6ee3b7eadeeaf3c6b8f375376f9fcb361b493ed677a88aad6d162

Identifiers

  • None

jquery.dump.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/jquery.dump.js
MD5: 23c01e1b974eafc2903b88deede67f0a
SHA1: bf3124ec2acaad6df590e17015d8ad86959cc4ae
SHA256:b032e53b1f1cf38cf9724840281427fc81f6b236774f777f4dfc4a8d897be8aa

Identifiers

  • None

tools.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/tools.js
MD5: 1e33608a89faa9bbbf273a5fc682dda0
SHA1: 0f89e9251fc9758d8bdbb9303b9e76dd84826d80
SHA256:5bbb34e85d093c1cf14290076a6b30ee60a87c19e5b9779517c3ea40f8031402

Identifiers

  • None

google-http-client-jackson2-1.19.0.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-jackson2-1.19.0.jar
MD5: a0fbd6a85362ea90d37d18ce33da4282
SHA1: 81dbf9795d387d5e80e55346582d5f2fb81a42eb
SHA256:f416949077a926f14b3804c2c14cc3b3e691840cb2c2c2d2d31222d6ee05e4b5

Identifiers

robospice-ui-spicelist-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-ui-spicelist-1.4.14.jar
MD5: bd5ed79c0ef0fbb92ac0f366b375d99a
SHA1: 95be49096c46d38a4cf76c29c7bfd8f10728257c
SHA256:105859ca150f7af1a2dcb8dcf13cc53254b697c615bc1f9f7ad4b3ca003d51fd

Identifiers

xpath-legacy.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/xpath-legacy.js
MD5: ad897c6c0975515caef1cc719cb8940c
SHA1: d0d7d0d9b52b75d5e31b7eac09169fa4bc2024f5
SHA256:9d47bad918f6d9eeaed93b1afaea24259ec5776239bac71ea4ead5664d551e70

Identifiers

  • None

services.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/services.js
MD5: 56f0013dec9d67ef1d0e2ebc6ab19e8a
SHA1: c1901df0ce3013a851f8a39118a615a6e0f6fd74
SHA256:acda8a23088f829822cfa6e352f5d9e022a672d293e729e9bd0a752d5f98631c

Identifiers

  • None

jquery.form.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.form.min.js
MD5: 9293e417bee6496ed25336658f5586c5
SHA1: 80eefbf36d24df2cca54f246ace204aaac1fd4fc
SHA256:3a060d8ec00cedf42453f493bffb0ec47c1c9745c207e49c80ec7a883b7c38e4

Identifiers

  • None

jqplot.barRenderer.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.barRenderer.js
MD5: 7b7b7e1a7328c1bbddebca4710cd44c1
SHA1: 2ef315e940ac0155a6a5832cc19d5c442c79f1c5
SHA256:8e0e487108c4813a3a7df79bd0263b42d52cd7b8c1fc525eb1b1b3169d6858d9

Identifiers

  • None

metisMenu.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/metisMenu/metisMenu.min.js
MD5: b963d934b346231f9a1abd950b3d8c80
SHA1: 45e2f07c41c809b38f1b93dd9eeeee42f371aa19
SHA256:0fcb285e05a2de5c2b04fb919f2e32108c7d0ef3d5f8171067c0fedf623868aa

Identifiers

  • None

jquery.modern-blink.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.modern-blink.js
MD5: 626dfbef18015ba559cbf3912c3b49e8
SHA1: 3e91bf83cf5190325822722723d7f5c21c825f8c
SHA256:409f593edb890ba3bb723c02773276e0d05b3dcbaf13f1305d39ac50762d32ad

Identifiers

  • None

json3.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/json3.min.js
MD5: 3e5137f1f047896eb22832c26829500f
SHA1: 310287f0861f2d6767db75f25d63cb307c8bef92
SHA256:7c3e64ef84e5290feef3e6e6943c4618cd3b609995b6d7bde6e898b06bbf5d5a

Identifiers

  • None

dataTables.bootstrap.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/dataTables/dataTables.bootstrap.js
MD5: d6a84d7977a34972716e3d61e63d0928
SHA1: 59ee45f0f661501713b324a290515087619f34e8
SHA256:1ba2569612e7a6203ec0b1e077468eb3dbc72230bb1e074100c4f3404f9786d5

Identifiers

  • None

jquery.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.js
MD5: 3f7dfcdb5696a6ba53d87f30d09f6d61
SHA1: 8ba00a08a1d9e2a330ca2403c77dc4f12b8bd2ff
SHA256:ca87b12f3d6ba06e4dbfec7df8519b428c975edca86c1cc9517705771a3fa36e

Identifiers

CVE-2011-4969  

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

hackazon.apk

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/app/hackazon.apk
MD5: 506599c6a9006a36bf0e97b5bf62158d
SHA1: aa398ad56f2cfe295bfeb5efc62dcb39ffe729f5
SHA256:3995dbb15707b736972dcc3f917dbc35539c220136fbf94bbf60853e18b337c3

Identifiers

  • None

jquery.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/jquery.js
MD5: 968e84789263b1e440f7cb4b9a07855a
SHA1: 6fb1c88177ea85b7c24830db2d820ffb93929d7d
SHA256:5d31a23ae16e6e7e41edce35797438f6705c78abccec0b083647a1d15396867b

Identifiers

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

jquery.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/jquery.js
MD5: 4b65ea7175ec8007f79bf245cf909e05
SHA1: 25ef9bc30ae98a552ca86d0148fd2a2b4a59f1a6
SHA256:b0f0d10d40b801f6d60ed859f72830287723a64b0318146e2f8940d38e54be43

Identifiers

CVE-2011-4969  

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

sweety.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/sweety.js
MD5: dcf4efabdbfb081e4434649acb818b75
SHA1: 899a9f6283ecb876f5521b41a6ece450f78f4263
SHA256:61f03c3425c699a908c9fd1c8de67988b84be59dea8d6854463aa6d47673b189

Identifiers

  • None

d3.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/d3.min.js
MD5: d733da10a25e820e0bd90a3b397a948a
SHA1: 6ee01abea3702e369cba49956eef4fa47989b8c3
SHA256:e164ef15edae1f1a0a1d1e3636abd098ca83929c92985d1344d1b78a2de54c9a

Identifiers

  • None

dataparse.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/dataparse.js
MD5: 17f20aa1ce729e7abb2241c1b48688e0
SHA1: ed3efe1265f15e106c3bd17b4c6a8b28063e1258
SHA256:ea04f950c44d265b5f602ccdbc8e719a1c55b19c345bab498f1f6cf633a1d02a

Identifiers

  • None

arrayObject.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/phpunit/Tests/_files/JsonData/arrayObject.js
MD5: f6b2b7c421a506e737101c79a24a0c60
SHA1: e946b5dfa71d2e4b0515330e72a60f32ee290d70
SHA256:7e904b5b2755ded29097937403e66953265dbbcf2975f846972a7320c547ed9a

Identifiers

  • None

gson-2.2.4.jar

Description:

Google Gson library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256:c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb

Identifiers

jquery.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/jquery.min.js
MD5: db2cccefedcc741a45a582e91a5afe8d
SHA1: d1e1f3f0828fa66fb5744f42bc912694e06300f9
SHA256:863cd492b5b90e6518292dd9684fa54a5485d361a229b81a85cfc08de6ce899f

Identifiers

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

sweety-template.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/templates/sweety/js/sweety-template.js
MD5: af2c3f4bc692f609a7881d7e2964af48
SHA1: 44f4ecd575b892af7561e3b205fe518e18a2df5b
SHA256:0660f6d728a42c741fff36f906cd9815d416ec118dfc6429c8d9842de756b751

Identifiers

  • None

respond-1.4.2.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/respond-1.4.2.min.js
MD5: afc1984a3d17110449dc90cf22de0c27
SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256:83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1

Identifiers

  • None

robospice-retrofit-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-retrofit-1.4.14.jar
MD5: 6160b9cf4ef03fce0e4ffe30c717e047
SHA1: c5e93129d2df923119f8ee659b3723dd0d631d1d
SHA256:e5aa4da439c0225bd45c77ac6284e30277752a694333b4c8650c3c2122f33f14

Identifiers

google-http-client-android-1.19.0.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-android-1.19.0.jar
MD5: 1295fe8d841c2a148a91e21aa5116a2a
SHA1: e3f11020c2c812112803d252d1392872d3f619c8
SHA256:fa68d9bf475bd59931c8d75239092ef0962f9e0b40e0b206ae4e62056bdf2649

Identifiers

jqplot.categoryAxisRenderer.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.categoryAxisRenderer.js
MD5: 70f86b03702f611a4d8d68daf78b7d1d
SHA1: 775be787905733b352d902698ad803e3494a5175
SHA256:3957e7a5048e32459d22e4a80d545808b1e6dc6c671d07db51363ac7722ccb26

Identifiers

  • None

history.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/Amf/Slider/html-template/history/history.js
MD5: efbe3b44ed3de45a8ada2f81c3aecdec
SHA1: 13e45883335cc3c5df07978f5ba5006148509cd4
SHA256:cfa5c38fc1ad09ddc0b0971b21e73c3a2b3aeb4d85236c2fd5750280e79a7b86

Identifiers

  • None

services.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/amf/services.js
MD5: c7e565bd8002d50a80024bed719aaac8
SHA1: f751de6ca43732be215da73be4aaeb397513bb9b
SHA256:85b29eebde7b8757aa04688450f2f28b4ede26207782477f8c6ad57c24469e42

Identifiers

  • None

bootstrap.file-input.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.file-input.js
MD5: 2f6ec0cf9809aebf467e801506f2d390
SHA1: 742e15c49451191e742d5df52c124ff97eb21962
SHA256:df2ec24c3e1fd74c590479e5a6d3a42223151e34df74fefcd7f16686ae646e8b

Identifiers

  • None

prettify.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/prettify.min.js
MD5: 9835268d655aec46b6b4605bd986b0b1
SHA1: 650b21d4b3522e971b5ebd01952cc6f4992184d3
SHA256:38a2a1336094c8eb6f85a7ff9162c78eda387268bd13a08d4c5f9f59762b5ad9

Identifiers

  • None

excanvas.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/excanvas.js
MD5: ab6c724c99499bd1572cdbc195346c75
SHA1: 89fb281beea44cd77555b592252bb69a7bf9f690
SHA256:91909e1538782730c4ab6309ca79295bfb3bc4b28f648d9a8261e26ddd4d06ba

Identifiers

  • None

commons-logging-1.1.1.jar

Description:

Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae
SHA256:ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f

Identifiers

webunit.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/extensions/js/webunit.js
MD5: 446ce96b52cf406ae84fbaea9a3c7f23
SHA1: f4a04e642a1b73d749545d3b119693bb2a56a06d
SHA256:e9cbf24a0c9c1e0c876bebebc572e62400bbf5e05ba46c88f1de896fea3edc74

Identifiers

  • None

jquery-speakers_coaches_consultants.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery-speakers_coaches_consultants.js
MD5: 3240cc94790e14310e1b888e04177fc4
SHA1: a6e5dd975767a28b9614f83d41077dd6506a671b
SHA256:b09119a39b8dbf31f903a10cfccff38dcc8ee842851b042c9aa8afff1b5ddc23

Identifiers

  • None

moment.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/moment.min.js
MD5: f16affba0b3c235f9023c81d55df5e1f
SHA1: 4aa07f9f569861caf1d9d46a4818fcb5e6800810
SHA256:f20b251189e476e544eb66bfdf4ddace0531af67ace628226e3bde5ff408599f

Identifiers

reDOS - regular expression denial of service (RETIREJS)  

reDOS - regular expression denial of service
$vuln.cwes.toString()

  • Severity: low

References:

httpclient-4.0.1.jar

Description:

   HttpComponents Client (base module)
  

License:

Apache License: ../LICENSE.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/httpclient-4.0.1.jar
MD5: 9ca98774860101c06ca9010efd6224a1
SHA1: 1d7d28fa738bdbfe4fbd895d9486308999bdf440
SHA256:752596ebdc7c9ae5d9a655de3bb06d078734679a9de23321dbf284ee44563c03

Identifiers

CVE-2011-1498  

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2014-3577  

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. <a href="http://cwe.mitre.org/data/definitions/297.html" rel="nofollow">CWE-297: Improper Validation of Certificate with Host Mismatch</a>
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2015-5262 (OSSINDEX)  

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
null

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.httpcomponents:httpclient:4.0.1:*:*:*:*:*:*:*

knockout.localStorage.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout.localStorage.js
MD5: da1c714aa3061329efba5cae4a087018
SHA1: 94e7ed294019681c5b1ab2b5eda7f9323f57e8da
SHA256:82da7d50dc65c6ca538a14eba95e77a8e7b093fc4173410ab34dd72b4bb2b93e

Identifiers

  • None

robospice-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-1.4.14.jar
MD5: 10d820cb9c6515cb20b2ea6959e6b01b
SHA1: fffe1563473feb2f956608554d3e97ad805914a7
SHA256:32f2e9ea56d74e6b7d7a11b25ca694b37c872628af3d1dfb92237f954df162dc

Identifiers

XMLWriter.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/XMLWriter.js
MD5: 76598231ce3f7e221c650f73d49f7bfe
SHA1: a4bb7bac65b28cd24814b67efa51265a31213530
SHA256:ef5546bc55ee156c684a06ae760daeb019371a66022f758d2d5671f16e4467f1

Identifiers

  • None

swfobject.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlexClientGenerator/Template/html-template/swfobject.js
MD5: 34f352f573084aa648f2d2330b32ec4b
SHA1: 2f29da0ca9173f6581e6d7d45c4f0d9c227d6ceb
SHA256:de375ce355e9e926b96d7532ba4287aba7a4fd4267b9e17c84ea8f990a1c7ab9

Identifiers

  • None

converter-jackson-1.6.1.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/converter-jackson-1.6.1.jar
MD5: 9425e1b90b6e42ff56e2037809cc6927
SHA1: 69b73fb5c75ba80d44fb2db6ebe8168a4f5f74c9
SHA256:f4bac0fa3cc76e0738ae8c7c05ddc4a64d0be6fc2cc175c0ba74b088e5e1a2b4

Identifiers

sb-admin-2.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/sb-admin-2.js
MD5: 9e682ba4c9a0fb564f5beb99f3fa2d84
SHA1: a7e9cab3ece7aab946a61d86df18f2b228af9cca
SHA256:4b293cf54536a5921f8f5e444e523760877c35cbd07c45be8d207189179500b6

Identifiers

  • None

robospice-google-http-client-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-google-http-client-1.4.14.jar
MD5: 943bfa4a2f91a0a4d0d0e33ba27edfd4
SHA1: ba94c1a2a25bf4ba2d4e2d3ae694ff9fc4acfddb
SHA256:d2ffa68a3d89c8965d215c5e13f4d03e5b2ef96922d1b56a483c775a9a8ea858

Identifiers

retrofit-1.6.1.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/retrofit-1.6.1.jar
MD5: 4cebb7ed788b3658344edfaf9fba8bbe
SHA1: efb0a36546aa8857ab8df358b106c1817e03cbee
SHA256:a869da688eb73e6d174d196ec94a43f01df68c93d979afa2bddc526dffdad617

Identifiers

knockout-2.2.1.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout-2.2.1.js
MD5: 8764a417a2bc3ea8abd0e7fb7153bf00
SHA1: 23a818cc0126a80f730d2a49b0393594e8f68dbf
SHA256:2881daa4ad6d8166824a0903fd71e39a870838acfbdd10ced0c5db6c12b23e73

Identifiers

XSS injection point in attr name binding for browser IE7 and older (RETIREJS)  

XSS injection point in attr name binding for browser IE7 and older
$vuln.cwes.toString()

  • Severity: medium

References:

jquery.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js
MD5: 397754ba49e9e0cf4e7c190da78dda05
SHA1: ae49e56999d82802727455f0ba83b63acd90a22b
SHA256:c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6

jquery.heartbeat.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery.heartbeat.js
MD5: b4172c0601a9b2f5119c6ae21cf3e26e
SHA1: 343db593c12ff105c8013f879ead28deb385c90a
SHA256:13d963e6776a16db03d7e8af4b1a466bac7af442c4b4bc0f14baf018cdd2205a

Identifiers

  • None

jqplot.pointLabels.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.pointLabels.js
MD5: 0050c1b78c2fee5ab9fc2a546391f943
SHA1: e8ec8758c5af7356e97d61f49a29ae9b839a5157
SHA256:459ecb909f46a92676eae36d54c377b1e5d5cd3e994f9d6422760477d8c1f416

Identifiers

  • None

vuln-config.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/vuln-config.js
MD5: 2188048c41649710bfbe3ffe7934c590
SHA1: 808071941c86406385d02db62b771dc91a231bcf
SHA256:66eaf014cfd88215e34e5a1c9cefaa5fbb4cb2ec64f695b3671c9d64a46cb10c

Identifiers

  • None

services.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/services.js
MD5: 4741896cebcd3222f6e80f4239bd9691
SHA1: 4f5f581e67f98498b6dd369d53664772f3cf9cc0
SHA256:9c4131084a4ce33fb0a0929cee0a45c89c4f7bcafd0ba6bf03489ebb671def76

Identifiers

  • None

ladda.jquery.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ladda.jquery.min.js
MD5: 7e8d620c851ec3d1a364b386db0c9c6a
SHA1: 1df38951fe730a210ca9cb1e4121e70a5a112d74
SHA256:6e4e96cdcdef3683298b64c35d87da0fc798fca2a30a315e7d677c44ab7a570e

Identifiers

  • None

html5shiv.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/html5shiv.js
MD5: 0ce8f355891c26c28f057e195e97dcd5
SHA1: 3c7b369485cadd585d24be44701e459c8aa54d60
SHA256:8c7a9c0470563367ab00307b4fb9bb3052d0a27f0b94e63b9dc0bb8c369449cb

Identifiers

  • None

knockout-templates.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout-templates.js
MD5: c27b730ddb163a1e886d0507c38d58e9
SHA1: 45532d63da5eb0c2eaee59f671fe26868c05ef36
SHA256:f9773ea5cf0bbe4b160728350e62999e65e161c529bd31977f0c4b8789eae8c6

Identifiers

  • None

jquery.cookie.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.cookie.js
MD5: 0eb32a0a58982840fc8f0b53a7ee1224
SHA1: 158120911e555326bd8126db9fe1f6be61b5172e
SHA256:1c2dff01e473387c0158848ca8b8a3f4da7d206f19861a1be78f9fa20fb55f82

Identifiers

  • None

respond.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/respond.min.js
MD5: 55a3bdb2caf10ab1336c6a0def7a9c75
SHA1: 40299c750bdc8ca083be8dcdc1dc782602465e38
SHA256:7658e0345d9717b9e1b314d7abaf38092f49659fd3816546fd837d4c3ba04572

Identifiers

  • None

google-http-client-1.19.0.jar

Description:

    Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
  

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-1.19.0.jar
MD5: 1a306bb0bf74c9d991457723c0f8b3bf
SHA1: cdca49ad0977c040f603478aa2e16b2775c8fec6
SHA256:aa70d0384697f8d674ddc483b07ea3ae5821373e6393a861a3a3db786b9718b9

Identifiers

account.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/account.js
MD5: a7349cfd9820c6d46ba58988e731d646
SHA1: 221b0b869ce2cbf736cb34c5b3db120faa0a236d
SHA256:941515e869c911ba5a2f4d794915d63c00ccfd0e9bf7f9808eae28512ce33191

Identifiers

  • None

json2.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/json2.js
MD5: 74d903049683e5bbea9ccb7544a42bca
SHA1: c5909e0dbbbb8591eae3c099a3186d985c37e365
SHA256:356614d2260c69b92680d59e99601dcd5e068f761756f22fb959b5562b9a7d62

Identifiers

  • None

helpdesk.nocache.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/helpdesk/helpdesk.nocache.js
MD5: fc03999f02df2942d2a4003c9d7aaf1f
SHA1: ca823d24c487b9de82f6507f502e2dfbb1a8e9fe
SHA256:50a263d5ac4cc3c90082765849ebc26adce01082927c097ad2dbf1a538efbd4e

Identifiers

  • None

nv.d3.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/nv.d3.min.js
MD5: 19e7c03cc4d1fbe325d3923d2296e819
SHA1: 10b95ab83ececca92733b6882c7ee7eb9b06a60a
SHA256:51c42577a2e05c84d85732bdd087bca0e9eb253a4aa654201db103d2a18c230d

Identifiers

  • None

bootstrap-dropdown.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap-dropdown.js
MD5: 41061a37d74c54ad0e3fec031005fcb8
SHA1: 93e2f48c7e9c195c707eed2de47b8305765c6ab0
SHA256:9fa5384245426480b7e3c169a2e0fc1e7d99aa4fe875c392e07bbc8d15ac93da

Identifiers

  • None

performanceCharting.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/performanceCharting.js
MD5: 275cb76b732f4eeeb920acad80430ce9
SHA1: 0b552c0927745c5deafd8cb82977e8b693cdc9ea
SHA256:b44d0f85d7d1e6615c36052ac468dc9b9e57bd243a954bbdf0ec2bd97f96987e

Identifiers

  • None

jquery.nivo.slider.pack.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.nivo.slider.pack.js
MD5: 086d3d4df87884cc37aaa61761e82269
SHA1: 91ae92528af17a06f6aa71b1293f4775484f43ce
SHA256:ad01f20b73510f213d68547e96ec5c90572fa1e40a1d1d3cf1f27b241d8d0d2d

Identifiers

  • None

okhttp-1.6.0.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/okhttp-1.6.0.jar
MD5: 7012da9f5b744d9b0e19f495c0ff0855
SHA1: e32c6b4bee8b61f0de12b337c48df0f5df8caccc
SHA256:ad8245091c081df233533af7b7b1291a6db88ea4dc8aa476e8df8f47b80d8981

Identifiers

CVE-2016-2402  

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

jquery.sparkline.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery.sparkline.js
MD5: 5dd0c5160bc61f966731f7372be48b40
SHA1: dd7240ad379514bc673d3f95c39a58eaedea3501
SHA256:2b7da246cd3e22addc5b2a5c0d0c9f5b6b39574365d4855ace930dbd818eab98

Identifiers

  • None

jquery-migrate-1.2.1.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery-migrate-1.2.1.js
MD5: 7d87ce904ab76326bff3147c72a45b2a
SHA1: b5a7a40ada6f87047f00e95915356aff82cb0959
SHA256:58564bc237b683f482c3a82def059f27b2be41109d237d7a2380074b5b4f22be

Identifiers

jquery-migrate bug: 11290 (RETIREJS)  

Selector interpreted as HTML
$vuln.cwes.toString()

  • Severity: medium

References:

ace.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/ace.js
MD5: a5a4ac9e7d4aa9bc479c9d2b72c81c4d
SHA1: 962158027c6eecfcf43a9a55ac42433dd942e861
SHA256:7765d79685f166703295c0fba81c4d50e18a082877d8e1db3fecb30b4ec6dea3

Identifiers

  • None

robospice-okhttp-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-okhttp-1.4.14.jar
MD5: 6e87916d19a1dd97841e7da223b8fadc
SHA1: ba9cdcf32fc21de16afebfc5411425284923e0cd
SHA256:2d5ef4ccaf4c7039f6834a94d713d189c29d74c4945db2a146e6afb411e5f2e9

Identifiers

x.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/extensions/js/x.js
MD5: d23f58b9b98b778aac7248e31a28b9f8
SHA1: edea13f7b8bb0244ef8388c2173ed68b0dbd766f
SHA256:cc3c5341fea3608f2696b5fcb576ff2cc9462ccaa54e220aef3ce386e96856a2

Identifiers

  • None

jquery.dataTables.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/dataTables/jquery.dataTables.js
MD5: 65cc28256b5e81d346875a83357b29e3
SHA1: ef9c92a327bb19de40133bc6706c23ee1bfe65bd
SHA256:11780306b1ae75f0f8338e6710f99a328b4cb9300bc7f73a1bac836dfc1653d1

Identifiers

  • None

amfphp_updates.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/amfphp_updates.js
MD5: cb667340ad003ea17e92702ba6a3efda
SHA1: 5226551fa7b078b906474a80441b4f46fb74f8e7
SHA256:98d0199342ea843d5918af85e94ff2ae55010b545ba4cc877db0846a725c5c5d

Identifiers

  • None

ladda.min.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ladda.min.js
MD5: 0cd0463d5b87e8303302d362f6e4cbf9
SHA1: 7fc897bedc6e1ade0bf858a42106f644e798fe01
SHA256:15eeab0be27290f42d792634296412da4d828278435376c66b5ee17557f4f8fa

Identifiers

  • None

robospice-cache-1.4.14.jar

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-cache-1.4.14.jar
MD5: 59a084117d36896543b8782632369164
SHA1: 1a13bea0b3ae105c44cb6be7fc76b6d36098faf5
SHA256:9dfeec4e0574e266b2ab693bd05611c1162678feff909a689f99cb02bba936fa

Identifiers

site.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/site.js
MD5: 43e5a4d5877933d7b1f01ac6423920c2
SHA1: 94b3b58c73cb95c3374d5a4bc5c3bbab95588454
SHA256:700f3082d2472beb0bbefbddb817cfd7ac436b4518ca3693598fd02cfe933f25

Identifiers

  • None

ekko-lightbox.js

File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ekko-lightbox.js
MD5: 75ed92a66f0c0614c32ae85aaf6e1d42
SHA1: d906c974a77d8989eb5727299f1e181c6a18c847
SHA256:4442c0516a85d2af449febb8217183b1503b4f6f511fc130691763e03cdcc6d6

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.