Dependency-Check is an open source tool performing a best effort analysis of 3rd party
dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show
all ):
dependency-check version : 5.2.1
Report Generated On : Wed, 14 Aug 2019 12:07:36 +0200
Dependencies Scanned : 125 (116 unique)
Vulnerable Dependencies : 15
Vulnerabilities Found : 37
Vulnerabilities Suppressed : 0
...
NVD CVE Checked : 2019-08-14T12:04:16
NVD CVE Modified : 2019-08-14T07:02:24
VersionCheckOn : 2019-08-14T12:04:17
Summary Display:
Showing
Vulnerable Dependencies (click to show all)
Dependencies
bootstrap.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.min.jsMD5: abda843684d022f3bc22bc83927fe05fSHA1: 26908395e7a9a4eab607d80aa50a81d65f3017cbSHA256: 24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
bootstrap
High
Product
file
name
bootstrap
High
Version
file
version
3.2.0
High
Published
Vulnerabilities
CVE-2018-14040
suppress
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2018-14041
suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2018-14042
suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2019-8331
suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0;
versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0;
versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0;
versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0;
versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0;
versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0;
versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0;
versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0;
versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0;
versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0;
versions up to (excluding) 4.3.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
can.custom.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/can.custom.jsMD5: 2c217e5e2016a7640706189804d2ee85SHA1: 535683c6c8b10bc3d8f6179518008710ea3e38d3SHA256: fab181e0e34b44df6ebc0467dc0b235dffa17f7511fe17f80dd772d0bbc5f0f4
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
prototypejs
High
Product
file
name
prototypejs
High
Version
file
version
1.6.0.1.
High
Published
Vulnerabilities
CVE-2008-7220
suppress
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre1:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:*:*:*:*:*:*:*:* versions up to
(including) 1.6.0.1
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc0:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre0:*:*:*:*:*:*
cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc0:*:*:*:*:*:*
jquery-ui.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery-ui.jsMD5: 3b415de6bb13cb54c8375b81bbec2f1aSHA1: 99b3e9444d6116d1c651792fb27d920cf905b96bSHA256: cfd3d71585bc12619307ad59bb9ae4ac6a2ad8d2f41b92d8fe7f9b620acceaaf
Evidence
Type
Source
Name
Value
Confidence
jsr305-1.3.9.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256: 905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
annotation
Low
Vendor
jar
package name
javax
Low
Vendor
pom
name
FindBugs-jsr305
High
Vendor
pom
url
http://findbugs.sourceforge.net/
Highest
Vendor
pom
artifactid
jsr305
Low
Vendor
pom
groupid
google.code.findbugs
Highest
Vendor
file
name
jsr305
High
Vendor
central
groupid
com.google.code.findbugs
Highest
Product
jar
package name
annotation
Low
Product
pom
name
FindBugs-jsr305
High
Product
pom
groupid
google.code.findbugs
Low
Product
central
artifactid
jsr305
Highest
Product
pom
artifactid
jsr305
Highest
Product
pom
url
http://findbugs.sourceforge.net/
Medium
Product
file
name
jsr305
High
Version
file
version
1.3.9
Highest
Version
central
version
1.3.9
Highest
Version
pom
version
1.3.9
Highest
spin.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/spin.min.jsMD5: 9200c33782bb46a2e36beb1393a6797dSHA1: e3cdb00f0eb9b7729b8fe44873bac8734aba3b0fSHA256: ca64e3f676b38f06ed0eba111776f2bc8ad352b672c0819ec5b9072c342bd35d
Evidence
Type
Source
Name
Value
Confidence
jquery-1.2.1.pack.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery-1.2.1.pack.jsMD5: ebe0ea764139f30972055e9f79972277SHA1: ca0aea084a63d0a56e1bbf17fde5061f631b391fSHA256: 675a68ab60ce5068044d9a49a989dbf7cf5f051eece9f9d8f32faa1e89dc3912
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.2.1.pack
High
Published
Vulnerabilities
CVE-2011-4969
suppress
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2
CVE-2012-6708
suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up
to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up
to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
modern-business.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/modern-business.jsMD5: c6b4f86f2c77ad213f0ee77cefc01fdbSHA1: 76db3c9e44b45cae7f07decbafe0e5136906a2e2SHA256: 22e8d55a906828f4a5981a9c5cdf53d349405183c545218e0e6c236e3bc26a38
Evidence
Type
Source
Name
Value
Confidence
bootstrap.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/bootstrap.min.jsMD5: d01e3a1948f9426854ad63b9eef80a77SHA1: 0c171fd3829587d6b25a6d8c51bd02dff5befae2SHA256: bdaa5fc9eebff3a3b4c4e89806d2d06e3008390e9a7fb5122fcb98c12114e069
Evidence
Type
Source
Name
Value
Confidence
jquery.jstree.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.jstree.jsMD5: 83c79ad9f72c91c4a78b4437a21254b1SHA1: bfa1f9e780477f448b80a34a7da881e3edeee968SHA256: 14ea671007331e50d402bca4642aa5a56030ceed37095472de8596dcc6c375d0
Evidence
Type
Source
Name
Value
Confidence
bootstrap.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/bootstrap.jsMD5: c37968e682cc0dd043799ed029f018f7SHA1: 4851c973a0fa800b57459b7d245d8cfccaa4b348SHA256: 8a0aa0178f4aefe0a15617ff8eb5a2e07f5488d7a66dfbc3c59224909f4711c6
Evidence
Type
Source
Name
Value
Confidence
jquery.form-validator.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.form-validator.min.jsMD5: c089a2d71637dbc8f533eaf16e4afd2dSHA1: 57d3d2a52db7d727078ad93bd39e81f963a609c6SHA256: dc87e279fb83d7898f4a2072e8dc7a8201056fd72f3f35857cc167782264d507
Evidence
Type
Source
Name
Value
Confidence
bootstrapValidator.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrapValidator.min.jsMD5: 10eecdbce7bc521d19ad13b420ca155eSHA1: 9a47b95509335a9345f04e8ce77a58d1723fb31aSHA256: 342baa305def9d8883bda953ffda736ecc9493fd045c0d60d5ad6a59b57375c5
Evidence
Type
Source
Name
Value
Confidence
metisMenu.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/metisMenu/metisMenu.jsMD5: 050f108ef581b91d461e3f71b9e8e2d5SHA1: 03ca031cc846034796f0941dc44db19cd2cdb17fSHA256: b94dc956e3b815e404c69ec54ac3a133f9f926a415bf4f01f8fd09694dfd288c
Evidence
Type
Source
Name
Value
Confidence
jquery-1.10.2.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery-1.10.2.jsMD5: 52e798fa363010f95feed65def07037bSHA1: 9cbc3e88ab78003783e7d440c6fb39445a4126beSHA256: fa411409e767595b83bf12f7204d69a856031ec9466998358316f6cbbfedd8a6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.10.2
High
Published
Vulnerabilities
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
server.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/guzzlehttp/ringphp/tests/Client/server.jsMD5: 88d159b78be1b7fa9212209d4d38aef3SHA1: 98616b32316b8c365d47211bc6ad13081c951910SHA256: b232eddc7abce54877b177fecd427834bd783835909cae4b42ac265443974331
Evidence
Type
Source
Name
Value
Confidence
commons-codec-1.3.jar
Description:
The codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-codec-1.3.jar
MD5: 8e149c1053741c03736a52df83974dcc
SHA1: fd32786786e2adb664d5ecc965da47629dca14ba
SHA256: 1bafd2ece2e88db4cdf835a7f8f0de65fab5b1147977a5dcc59b7c1b8c6f5080
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
commons-codec
High
Vendor
pom
groupid
net.sf.ingenias
Highest
Vendor
pom
artifactid
commons-codec
Low
Vendor
pom
groupid
commons-codec
Highest
Vendor
pom
url
http://jakarta.apache.org/commons/codec/
Highest
Vendor
jar
package name
apache
Highest
Vendor
pom
url
http://jade.tilab.com/
Highest
Vendor
Manifest
specification-vendor
Apache Software Foundation
Low
Vendor
pom
artifactid
common-codec
Low
Vendor
jar
package name
codec
Low
Vendor
jar
package name
apache
Low
Vendor
pom
name
Codec
High
Vendor
central
groupid
commons-codec
High
Vendor
jar
package name
codec
Highest
Vendor
jar
package name
commons
Low
Vendor
Manifest
extension-name
org.apache.commons.codec
Medium
Vendor
pom
name
common-codec
High
Vendor
pom
organization url
http://jakarta.apache.org
Medium
Vendor
central
groupid
net.sf.ingenias
High
Vendor
pom
organization name
The Apache Software Foundation
High
Vendor
Manifest
Implementation-Vendor
Apache Software Foundation
High
Vendor
jar
package name
commons
Highest
Product
file
name
commons-codec
High
Product
Manifest
specification-title
Jakarta Commons Codec
Medium
Product
central
artifactid
commons-codec
High
Product
jar
package name
apache
Highest
Product
Manifest
Implementation-Title
org.apache.commons.codec
High
Product
pom
organization url
http://jakarta.apache.org
Low
Product
pom
url
http://jade.tilab.com/
Medium
Product
jar
package name
codec
Low
Product
pom
groupid
net.sf.ingenias
Low
Product
pom
artifactid
commons-codec
Highest
Product
pom
name
Codec
High
Product
jar
package name
codec
Highest
Product
jar
package name
commons
Low
Product
Manifest
extension-name
org.apache.commons.codec
Medium
Product
pom
name
common-codec
High
Product
pom
artifactid
common-codec
Highest
Product
central
artifactid
common-codec
High
Product
pom
organization name
The Apache Software Foundation
Low
Product
pom
url
http://jakarta.apache.org/commons/codec/
Medium
Product
pom
groupid
commons-codec
Low
Product
jar
package name
commons
Highest
Version
Manifest
Implementation-Version
1.3
High
Version
pom
version
1.3
Highest
Version
file
version
1.3
Highest
Version
central
version
1.3
High
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/swfobject.jsMD5: b9697feec5732af790e8ebe7e1203268SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80SHA256: 0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff
Evidence
Type
Source
Name
Value
Confidence
Related Dependencies
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/swfobject.js
MD5: b9697feec5732af790e8ebe7e1203268
SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80
SHA256: 0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/Amf/Slider/html-template/swfobject.js
MD5: b9697feec5732af790e8ebe7e1203268
SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80
SHA256: 0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/Amf/Coupon/html-template/swfobject.js
MD5: b9697feec5732af790e8ebe7e1203268
SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80
SHA256: 0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlashClientGenerator/Template/html-template/swfobject.js
MD5: b9697feec5732af790e8ebe7e1203268
SHA1: 06bca3cbc44ef36774ae8734867767cdebc5be80
SHA256: 0d2feb3f93e3218ca3330bfaf1e91712cf1189723b58654a26e91697c05388ff
bootstrap.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.jsMD5: 9e8a05ab617c7e403be79e42f09107feSHA1: 3e6ab2b64de4239acb763383a591d76a44053293SHA256: 34c5b7b058640503224a11acd9e5edd7a3d11d6dd1a1d05e9cb971855e798849
Evidence
Type
Source
Name
Value
Confidence
commons-lang3-3.3.2.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
SHA256: 6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-groupid
org.apache.commons
Medium
Vendor
jar
package name
apache
Highest
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
Manifest
bundle-docurl
http://commons.apache.org/proper/commons-lang/
Low
Vendor
pom
url
http://commons.apache.org/proper/commons-lang/
Highest
Vendor
pom
artifactid
commons-lang3
Low
Vendor
file
name
commons-lang3
High
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
Manifest
bundle-symbolicname
org.apache.commons.lang3
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
groupid
apache.commons
Highest
Vendor
pom
name
Apache Commons Lang
High
Vendor
Manifest
implementation-build
tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200
Low
Vendor
jar
package name
lang3
Highest
Vendor
pom
parent-artifactid
commons-parent
Low
Vendor
jar
package name
commons
Highest
Product
Manifest
specification-title
Apache Commons Lang
Medium
Product
jar
package name
apache
Highest
Product
Manifest
bundle-docurl
http://commons.apache.org/proper/commons-lang/
Low
Product
Manifest
Bundle-Name
Apache Commons Lang
Medium
Product
Manifest
Implementation-Title
Apache Commons Lang
High
Product
pom
groupid
apache.commons
Low
Product
file
name
commons-lang3
High
Product
Manifest
bundle-symbolicname
org.apache.commons.lang3
Medium
Product
pom
name
Apache Commons Lang
High
Product
pom
parent-groupid
org.apache.commons
Low
Product
Manifest
implementation-build
tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200
Low
Product
jar
package name
lang3
Highest
Product
pom
parent-artifactid
commons-parent
Medium
Product
pom
url
http://commons.apache.org/proper/commons-lang/
Medium
Product
pom
artifactid
commons-lang3
Highest
Product
jar
package name
commons
Highest
Version
pom
version
3.3.2
Highest
Version
file
version
3.3.2
Highest
Version
Manifest
Bundle-Version
3.3.2
High
Version
pom
parent-version
3.3.2
Low
Version
Manifest
Implementation-Version
3.3.2
High
jquery-ui.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jqueryui-sortable/jquery-ui.jsMD5: ac2e42f1056abef6bd73d4804866c861SHA1: 26d2d45da49d59a755078a294f6c71a9f2e621d3SHA256: 1db0372f2f0f3980c7d5a0418a8bbbf487197f85b9cdd5840745fe6ef79d8f4e
Evidence
Type
Source
Name
Value
Confidence
commons-io-1.3.2.jar
Description:
Commons-IO contains utility classes, stream implementations, file filters, and endian classes.
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-io-1.3.2.jarMD5: 903c04d1fb5d4dc81d95e4be93ff7ecdSHA1: b6dde38349ba9bb5e6ea6320531eae969985dae5SHA256: 551c13e49dab32aebdb7a70ec9c2767372e58864ae115ef389582e548cffee38
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-groupid
org.apache.commons
Medium
Vendor
pom
groupid
commons-io
Highest
Vendor
file
name
commons-io
High
Vendor
jar
package name
apache
Highest
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
url
http://jakarta.apache.org/commons/io/
Highest
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
name
Commons IO
High
Vendor
pom
artifactid
commons-io
Low
Vendor
jar
package name
io
Highest
Vendor
pom
parent-artifactid
commons-parent
Low
Vendor
jar
package name
commons
Highest
Product
Manifest
specification-title
Commons IO
Medium
Product
pom
url
http://jakarta.apache.org/commons/io/
Medium
Product
file
name
commons-io
High
Product
jar
package name
apache
Highest
Product
Manifest
Implementation-Title
Commons IO
High
Product
pom
groupid
commons-io
Low
Product
pom
name
Commons IO
High
Product
pom
artifactid
commons-io
Highest
Product
pom
parent-groupid
org.apache.commons
Low
Product
jar
package name
io
Highest
Product
pom
parent-artifactid
commons-parent
Medium
Product
jar
package name
commons
Highest
Version
pom
parent-version
1.3.2
Low
Version
pom
version
1.3.2
Highest
Version
file
version
1.3.2
Highest
Version
Manifest
Implementation-Version
1.3.2
High
jquery.hotkeys.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.hotkeys.jsMD5: f33d295fe69e3c013132eba0e1181d70SHA1: 4462ce00ac82d7ceeccb159a8d86fbe4cc0fbfddSHA256: 2fd3d8e5c325c02763a79a7cbf4d7119f284688a901d7b3f4a07eba9ccc02ba4
Evidence
Type
Source
Name
Value
Confidence
simpleObject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/phpunit/Tests/_files/JsonData/simpleObject.jsMD5: 74ae259131b0149d39ad5ae616eba1a2SHA1: 6d308f2b544092d70f23a743364819fac25af7a7SHA256: 854721cfd9971a8c5b57f0691e4dd87820fcd11e278ded9b8af95a8e99ac52ee
Evidence
Type
Source
Name
Value
Confidence
Related Dependencies
simpleObject2.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/phpunit/Tests/_files/JsonData/simpleObject2.js
MD5: 74ae259131b0149d39ad5ae616eba1a2
SHA1: 6d308f2b544092d70f23a743364819fac25af7a7
SHA256: 854721cfd9971a8c5b57f0691e4dd87820fcd11e278ded9b8af95a8e99ac52ee
sb.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/sb.jsMD5: 47fc005b3a1918e763499b1770a68158SHA1: 7d7fd3c9429c3518ab5578be5569174c83d51a08SHA256: 9a20f088c6d6d2131336454224d8b20e85535c5a4f83f74ceee5d91f80300e39
Evidence
Type
Source
Name
Value
Confidence
httpcore-4.0.1.jar
Description:
HttpComponents Core (Java 1.3 compatible)
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/httpcore-4.0.1.jar
MD5: 6c1963fd8ac0c40c004c9e892e0d7703
SHA1: e813b8722c387b22e1adccf7914729db09bcb4a9
SHA256: 3b6bf92affa85d4169a91547ce3c7093ed993b41ad2df80469fc768ad01e6b6b
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
apache
Highest
Vendor
pom
parent-groupid
org.apache.httpcomponents
Medium
Vendor
pom
artifactid
httpcore
Low
Vendor
Manifest
specification-vendor
Apache Software Foundation
Low
Vendor
pom
groupid
apache.httpcomponents
Highest
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
pom
name
HttpCore
High
Vendor
file
name
httpcore
High
Vendor
pom
url
http://hc.apache.org/httpcomponents-core/
Highest
Vendor
Manifest
Implementation-Vendor
Apache Software Foundation
High
Vendor
pom
parent-artifactid
httpcomponents-core
Low
Product
jar
package name
apache
Highest
Product
pom
parent-groupid
org.apache.httpcomponents
Low
Product
Manifest
specification-title
Apache HttpCore
Medium
Product
pom
url
http://hc.apache.org/httpcomponents-core/
Medium
Product
pom
artifactid
httpcore
Highest
Product
pom
name
HttpCore
High
Product
file
name
httpcore
High
Product
pom
groupid
apache.httpcomponents
Low
Product
pom
parent-artifactid
httpcomponents-core
Medium
Version
Manifest
Implementation-Version
4.0.1
High
Version
pom
version
4.0.1
Highest
Version
file
version
4.0.1
Highest
star-rating.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/star-rating.min.jsMD5: 68174b22fc83d4c1caefbd4a34304974SHA1: 34be9449dcd023a6895fbea496aefde4fff1e789SHA256: 80e3ff7bd6a019fb932a868562a83986186108ef3b3e727b59b0b0d02cd6b940
Evidence
Type
Source
Name
Value
Confidence
bootstrap.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.jsMD5: f91d38466de6410297c6dcd8287abbcaSHA1: 8c639912ccd43078865578e598607d1b847c2373SHA256: 7970f31907d91bf0f19efe8aefee74d6f0a2d8c72b2f8f20a5e297d3c414a78f
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
bootstrap
High
Product
file
name
bootstrap
High
Version
file
version
3.2.0
High
Published
Vulnerabilities
CVE-2018-14040
suppress
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2018-14041
suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2018-14042
suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0;
versions up to (excluding) 4.1.2
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
CVE-2019-8331
suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0;
versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0;
versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0;
versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0;
versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0;
versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0;
versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0;
versions up to (excluding) 4.3.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including)
12.1.0; versions up to (including) 12.1.4
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from
(including) 13.0.0; versions up to (including) 13.1.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including)
14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from
(including) 14.0.0; versions up to (including) 14.1.0
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
mode-json.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/mode-json.jsMD5: 3db05a95b3b7b469646402318e2e8196SHA1: fc709bed79ee71234c8f91f9367fcc94837c6ef2SHA256: 9ddc71d20f625c9c051ac945d30328249df3bbe1a5f7cc1f9983042b4239259b
Evidence
Type
Source
Name
Value
Confidence
jquery.validate.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.validate.min.jsMD5: a72798435017907da8f799e47224d22bSHA1: e1ab4fd55cbb5eb011fab824f6421bf19f62ff52SHA256: 806e0db9e5c58e0fb3216872f36b577c05fd85c132d2857effd68bf617c93b20
Evidence
Type
Source
Name
Value
Confidence
history.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlexClientGenerator/Template/html-template/history/history.jsMD5: bfdb20a4e8165ee19fd4b512d44c9eedSHA1: 09f254614329c395c56ed8d78993597428cd4014SHA256: b697997a380196049132034c898bace6ef6e30812ac560d321154ca38ad6fb87
Evidence
Type
Source
Name
Value
Confidence
site.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/site.jsMD5: c02608ca0b841fdc05cdb84dd5af6f62SHA1: 71c7f9310188e93dcba4eafa9e22d7f0f5047ab9SHA256: 896ec6e789a5b917673c6065348788de91b73bc37f08ee21dbf1c12ae70161cb
Evidence
Type
Source
Name
Value
Confidence
jquery.inputmask.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.inputmask.jsMD5: d72fae0422d995eaec6246f87411fd08SHA1: 76dff37d9fd6ef17e7ebba095290100c3aa2b721SHA256: 02026c51c88abf2955940bcb47e6e65efe5d6ce1c36542270069b3ecca3a5132
Evidence
Type
Source
Name
Value
Confidence
html5shiv.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/html5shiv.jsMD5: 262bb88879efaaf75c74154fe0308952SHA1: 2123253519c0bee8a5735958281a73296a66003bSHA256: b3aa003abf3b6aaf1654fe8669472e3c01dba7bb73be4a8b73a3423cfeeb0e39
Evidence
Type
Source
Name
Value
Confidence
jqplot.enhancedLegendRenderer.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.enhancedLegendRenderer.jsMD5: 9f25a34937f3d4cd176bc0864472afedSHA1: 8e57bf9cf7fda4fe3ecd16cf77c1abce5419c351SHA256: 8bcf33ad80f4c0cbce5da12f2d3cf884360c82cc59f61728af38c1d71ca94b61
Evidence
Type
Source
Name
Value
Confidence
worker-json.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/worker-json.jsMD5: fba0f1adc8f78c53f43fc92d6842b812SHA1: ddf5323bc2d0c57dfb7ebe2c5e2b5e32fe5bf1faSHA256: 98e4b1957db4e83c07260cdf75cf9eb0950eb5cda9707f0ab674bb440547044c
Evidence
Type
Source
Name
Value
Confidence
koExternalTemplateEngine_all.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/koExternalTemplateEngine_all.min.jsMD5: d4267babc387054ed7279e261b724f32SHA1: ef24e6088bf5553fcfba214cee482a9a10406594SHA256: 9215bf71191307f9b35f1d66561e406ba64faa8186cc082acadf66664ad7cef9
Evidence
Type
Source
Name
Value
Confidence
jquery-ui.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jqueryui-sortable/jquery-ui.min.jsMD5: 17dcf5271d1625874c71f06bc6e8fae9SHA1: 4400f02bd89d050f7c06b484e3d9456a8161f0e8SHA256: 4e528f02f6efb3b4906ba9ec326aa207280352279299ec3ccf8f20e0f194f03c
Evidence
Type
Source
Name
Value
Confidence
prettify.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/prettify.jsMD5: 5f121e52404a8c33b74e965eef973eddSHA1: 4a8986f31c6711c08d4f2fbb2481ff2c605e92bdSHA256: dd2eeda6617cf68822da66253edcbfaf02190ff0d4ca5f55f1e98955afa3a9a7
Evidence
Type
Source
Name
Value
Confidence
can.custom.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/can.custom.min.jsMD5: 0612064db38bc34f246d217669105bf5SHA1: b579218891051a41cb9605ec3f8d13f5b3a22bdbSHA256: de832c08a05bf916019952342bfd26a6ee247d2f349e6879350d536f074553bf
Evidence
Type
Source
Name
Value
Confidence
jquery.jqplot.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.jqplot.jsMD5: 7eab074b3b72fcb0fb6f39d0ffa23537SHA1: 71df2722a3311617a65280b84c1b4c3feb4c5e72SHA256: 54e91d55b6a6ee3b7eadeeaf3c6b8f375376f9fcb361b493ed677a88aad6d162
Evidence
Type
Source
Name
Value
Confidence
jquery.dump.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/jquery.dump.jsMD5: 23c01e1b974eafc2903b88deede67f0aSHA1: bf3124ec2acaad6df590e17015d8ad86959cc4aeSHA256: b032e53b1f1cf38cf9724840281427fc81f6b236774f777f4dfc4a8d897be8aa
Evidence
Type
Source
Name
Value
Confidence
Related Dependencies
jquery.dump.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.dump.js
MD5: 23c01e1b974eafc2903b88deede67f0a
SHA1: bf3124ec2acaad6df590e17015d8ad86959cc4ae
SHA256: b032e53b1f1cf38cf9724840281427fc81f6b236774f777f4dfc4a8d897be8aa
tools.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/tools.jsMD5: 1e33608a89faa9bbbf273a5fc682dda0SHA1: 0f89e9251fc9758d8bdbb9303b9e76dd84826d80SHA256: 5bbb34e85d093c1cf14290076a6b30ee60a87c19e5b9779517c3ea40f8031402
Evidence
Type
Source
Name
Value
Confidence
google-http-client-jackson2-1.19.0.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-jackson2-1.19.0.jarMD5: a0fbd6a85362ea90d37d18ce33da4282SHA1: 81dbf9795d387d5e80e55346582d5f2fb81a42ebSHA256: f416949077a926f14b3804c2c14cc3b3e691840cb2c2c2d2d31222d6ee05e4b5
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
google-http-client-jackson2
High
Vendor
Manifest
Implementation-Vendor-Id
com.google.http-client
Medium
Vendor
Manifest
Implementation-Vendor
Google
High
Vendor
pom
name
Jackson 2 extensions to the Google HTTP Client Library for Java.
High
Vendor
pom
groupid
google.http-client
Highest
Vendor
jar
package name
api
Low
Vendor
jar
package name
google
Highest
Vendor
pom
artifactid
google-http-client-jackson2
Low
Vendor
central
groupid
com.google.http-client
Highest
Vendor
pom
parent-groupid
com.google.http-client
Medium
Vendor
pom
parent-artifactid
google-http-client-parent
Low
Vendor
jar
package name
client
Low
Vendor
jar
package name
google
Low
Vendor
jar
package name
client
Highest
Product
central
artifactid
google-http-client-jackson2
Highest
Product
file
name
google-http-client-jackson2
High
Product
pom
name
Jackson 2 extensions to the Google HTTP Client Library for Java.
High
Product
jar
package name
api
Low
Product
jar
package name
google
Highest
Product
jar
package name
json
Low
Product
pom
artifactid
google-http-client-jackson2
Highest
Product
Manifest
Implementation-Title
Jackson 2 extensions to the Google HTTP Client Library for Java.
High
Product
jar
package name
client
Low
Product
pom
groupid
google.http-client
Low
Product
pom
parent-groupid
com.google.http-client
Low
Product
pom
parent-artifactid
google-http-client-parent
Medium
Product
jar
package name
client
Highest
Version
Manifest
Implementation-Version
1.19.0
High
Version
file
version
1.19.0
Highest
Version
central
version
1.19.0
Highest
Version
pom
version
1.19.0
Highest
robospice-ui-spicelist-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-ui-spicelist-1.4.14.jarMD5: bd5ed79c0ef0fbb92ac0f366b375d99aSHA1: 95be49096c46d38a4cf76c29c7bfd8f10728257cSHA256: 105859ca150f7af1a2dcb8dcf13cc53254b697c615bc1f9f7ad4b3ca003d51fd
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
robospice
Low
Vendor
jar
package name
android
Highest
Vendor
jar
package name
spicelist
Highest
Vendor
jar
package name
android
Low
Vendor
file
name
robospice-ui-spicelist
High
Vendor
jar
package name
octo
Highest
Vendor
pom
parent-artifactid
robospice-ui-spicelist-parent
Low
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
pom
name
Robospice - Extension UI SpiceList Module
High
Vendor
pom
artifactid
robospice-ui-spicelist
Low
Product
jar
package name
robospice
Low
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
jar
package name
spicelist
Highest
Product
pom
parent-artifactid
robospice-ui-spicelist-parent
Medium
Product
jar
package name
android
Low
Product
file
name
robospice-ui-spicelist
High
Product
jar
package name
octo
Highest
Product
jar
package name
spicelist
Low
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
pom
artifactid
robospice-ui-spicelist
Highest
Product
jar
package name
robospice
Highest
Product
pom
name
Robospice - Extension UI SpiceList Module
High
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
xpath-legacy.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/xpath-legacy.jsMD5: ad897c6c0975515caef1cc719cb8940cSHA1: d0d7d0d9b52b75d5e31b7eac09169fa4bc2024f5SHA256: 9d47bad918f6d9eeaed93b1afaea24259ec5776239bac71ea4ead5664d551e70
Evidence
Type
Source
Name
Value
Confidence
services.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/services.jsMD5: 56f0013dec9d67ef1d0e2ebc6ab19e8aSHA1: c1901df0ce3013a851f8a39118a615a6e0f6fd74SHA256: acda8a23088f829822cfa6e352f5d9e022a672d293e729e9bd0a752d5f98631c
Evidence
Type
Source
Name
Value
Confidence
jquery.form.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.form.min.jsMD5: 9293e417bee6496ed25336658f5586c5SHA1: 80eefbf36d24df2cca54f246ace204aaac1fd4fcSHA256: 3a060d8ec00cedf42453f493bffb0ec47c1c9745c207e49c80ec7a883b7c38e4
Evidence
Type
Source
Name
Value
Confidence
jqplot.barRenderer.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.barRenderer.jsMD5: 7b7b7e1a7328c1bbddebca4710cd44c1SHA1: 2ef315e940ac0155a6a5832cc19d5c442c79f1c5SHA256: 8e0e487108c4813a3a7df79bd0263b42d52cd7b8c1fc525eb1b1b3169d6858d9
Evidence
Type
Source
Name
Value
Confidence
metisMenu.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/metisMenu/metisMenu.min.jsMD5: b963d934b346231f9a1abd950b3d8c80SHA1: 45e2f07c41c809b38f1b93dd9eeeee42f371aa19SHA256: 0fcb285e05a2de5c2b04fb919f2e32108c7d0ef3d5f8171067c0fedf623868aa
Evidence
Type
Source
Name
Value
Confidence
jquery.modern-blink.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.modern-blink.jsMD5: 626dfbef18015ba559cbf3912c3b49e8SHA1: 3e91bf83cf5190325822722723d7f5c21c825f8cSHA256: 409f593edb890ba3bb723c02773276e0d05b3dcbaf13f1305d39ac50762d32ad
Evidence
Type
Source
Name
Value
Confidence
json3.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/json3.min.jsMD5: 3e5137f1f047896eb22832c26829500fSHA1: 310287f0861f2d6767db75f25d63cb307c8bef92SHA256: 7c3e64ef84e5290feef3e6e6943c4618cd3b609995b6d7bde6e898b06bbf5d5a
Evidence
Type
Source
Name
Value
Confidence
dataTables.bootstrap.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/dataTables/dataTables.bootstrap.jsMD5: d6a84d7977a34972716e3d61e63d0928SHA1: 59ee45f0f661501713b324a290515087619f34e8SHA256: 1ba2569612e7a6203ec0b1e077468eb3dbc72230bb1e074100c4f3404f9786d5
Evidence
Type
Source
Name
Value
Confidence
jquery.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.jsMD5: 3f7dfcdb5696a6ba53d87f30d09f6d61SHA1: 8ba00a08a1d9e2a330ca2403c77dc4f12b8bd2ffSHA256: ca87b12f3d6ba06e4dbfec7df8519b428c975edca86c1cc9517705771a3fa36e
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.6.1
High
Published
Vulnerabilities
CVE-2011-4969
suppress
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2
CVE-2012-6708
suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
hackazon.apk
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/app/hackazon.apkMD5: 506599c6a9006a36bf0e97b5bf62158dSHA1: aa398ad56f2cfe295bfeb5efc62dcb39ffe729f5SHA256: 3995dbb15707b736972dcc3f917dbc35539c220136fbf94bbf60853e18b337c3
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
hackazon
High
Product
file
name
hackazon
High
jquery.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/jquery.jsMD5: 968e84789263b1e440f7cb4b9a07855aSHA1: 6fb1c88177ea85b7c24830db2d820ffb93929d7dSHA256: 5d31a23ae16e6e7e41edce35797438f6705c78abccec0b083647a1d15396867b
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.7.1
High
Published
Vulnerabilities
CVE-2012-6708
suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
jquery.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/jquery.jsMD5: 4b65ea7175ec8007f79bf245cf909e05SHA1: 25ef9bc30ae98a552ca86d0148fd2a2b4a59f1a6SHA256: b0f0d10d40b801f6d60ed859f72830287723a64b0318146e2f8940d38e54be43
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.6.1
High
Published
Vulnerabilities
CVE-2011-4969
suppress
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2
CVE-2012-6708
suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
sweety.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/sweety.jsMD5: dcf4efabdbfb081e4434649acb818b75SHA1: 899a9f6283ecb876f5521b41a6ece450f78f4263SHA256: 61f03c3425c699a908c9fd1c8de67988b84be59dea8d6854463aa6d47673b189
Evidence
Type
Source
Name
Value
Confidence
d3.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/d3.min.jsMD5: d733da10a25e820e0bd90a3b397a948aSHA1: 6ee01abea3702e369cba49956eef4fa47989b8c3SHA256: e164ef15edae1f1a0a1d1e3636abd098ca83929c92985d1344d1b78a2de54c9a
Evidence
Type
Source
Name
Value
Confidence
dataparse.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/dataparse.jsMD5: 17f20aa1ce729e7abb2241c1b48688e0SHA1: ed3efe1265f15e106c3bd17b4c6a8b28063e1258SHA256: ea04f950c44d265b5f602ccdbc8e719a1c55b19c345bab498f1f6cf633a1d02a
Evidence
Type
Source
Name
Value
Confidence
arrayObject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/phpunit/Tests/_files/JsonData/arrayObject.jsMD5: f6b2b7c421a506e737101c79a24a0c60SHA1: e946b5dfa71d2e4b0515330e72a60f32ee290d70SHA256: 7e904b5b2755ded29097937403e66953265dbbcf2975f846972a7320c547ed9a
Evidence
Type
Source
Name
Value
Confidence
gson-2.2.4.jar
Description:
Google Gson library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/gson-2.2.4.jar
MD5: 2f54fc24807a4cad7297012dd8cebf3d
SHA1: a60a5e993c98c864010053cb901b7eab25306568
SHA256: c0328cd07ca9e363a5acd00c1cf4afe8cf554bd6d373834981ba05cebec687fb
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
gson
High
Vendor
jar
package name
gson
Low
Vendor
jar
package name
google
Highest
Vendor
jar
package name
gson
Highest
Vendor
pom
organization name
Google, Inc.
High
Vendor
Manifest
bundle-contactaddress
http://code.google.com/p/google-gson/
Low
Vendor
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Vendor
pom
name
Gson
High
Vendor
jar
package name
internal
Low
Vendor
pom
url
http://code.google.com/p/google-gson/
Highest
Vendor
jar
package name
google
Low
Vendor
pom
organization url
http://www.google.com
Medium
Vendor
Manifest
bundle-symbolicname
com.google.gson
Medium
Vendor
central
groupid
com.google.code.gson
Highest
Vendor
pom
groupid
google.code.gson
Highest
Vendor
pom
artifactid
gson
Low
Product
Manifest
Bundle-Name
Gson
Medium
Product
file
name
gson
High
Product
central
artifactid
gson
Highest
Product
jar
package name
gson
Low
Product
pom
artifactid
gson
Highest
Product
jar
package name
google
Highest
Product
jar
package name
gson
Highest
Product
pom
url
http://code.google.com/p/google-gson/
Medium
Product
pom
groupid
google.code.gson
Low
Product
Manifest
bundle-contactaddress
http://code.google.com/p/google-gson/
Low
Product
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Product
pom
name
Gson
High
Product
jar
package name
internal
Low
Product
pom
organization url
http://www.google.com
Low
Product
Manifest
bundle-symbolicname
com.google.gson
Medium
Product
pom
organization name
Google, Inc.
Low
Version
file
version
2.2.4
Highest
Version
Manifest
Bundle-Version
2.2.4
High
Version
central
version
2.2.4
Highest
Version
pom
version
2.2.4
Highest
jquery.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/jquery.min.jsMD5: db2cccefedcc741a45a582e91a5afe8dSHA1: d1e1f3f0828fa66fb5744f42bc912694e06300f9SHA256: 863cd492b5b90e6518292dd9684fa54a5485d361a229b81a85cfc08de6ce899f
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.7.1
High
Published
Vulnerabilities
CVE-2012-6708
suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
sweety-template.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/templates/sweety/js/sweety-template.jsMD5: af2c3f4bc692f609a7881d7e2964af48SHA1: 44f4ecd575b892af7561e3b205fe518e18a2df5bSHA256: 0660f6d728a42c741fff36f906cd9815d416ec118dfc6429c8d9842de756b751
Evidence
Type
Source
Name
Value
Confidence
respond-1.4.2.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/respond-1.4.2.min.jsMD5: afc1984a3d17110449dc90cf22de0c27SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30SHA256: 83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
Evidence
Type
Source
Name
Value
Confidence
robospice-retrofit-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-retrofit-1.4.14.jarMD5: 6160b9cf4ef03fce0e4ffe30c717e047SHA1: c5e93129d2df923119f8ee659b3723dd0d631d1dSHA256: e5aa4da439c0225bd45c77ac6284e30277752a694333b4c8650c3c2122f33f14
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
robospice-retrofit
High
Vendor
jar
package name
robospice
Low
Vendor
pom
artifactid
robospice-retrofit
Low
Vendor
jar
package name
android
Highest
Vendor
pom
name
Robospice - Extension Retrofit Module
High
Vendor
jar
package name
android
Low
Vendor
jar
package name
octo
Highest
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
pom
parent-artifactid
robospice-retrofit-parent
Low
Vendor
jar
package name
retrofit
Highest
Product
pom
parent-artifactid
robospice-retrofit-parent
Medium
Product
file
name
robospice-retrofit
High
Product
jar
package name
robospice
Low
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
pom
name
Robospice - Extension Retrofit Module
High
Product
jar
package name
android
Low
Product
jar
package name
octo
Highest
Product
jar
package name
persistence
Low
Product
pom
artifactid
robospice-retrofit
Highest
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
jar
package name
robospice
Highest
Product
jar
package name
retrofit
Highest
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
google-http-client-android-1.19.0.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-android-1.19.0.jarMD5: 1295fe8d841c2a148a91e21aa5116a2aSHA1: e3f11020c2c812112803d252d1392872d3f619c8SHA256: fa68d9bf475bd59931c8d75239092ef0962f9e0b40e0b206ae4e62056bdf2649
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
google-http-client-android
High
Vendor
Manifest
Implementation-Vendor-Id
com.google.http-client
Medium
Vendor
pom
artifactid
google-http-client-android
Low
Vendor
Manifest
Implementation-Vendor
Google
High
Vendor
pom
groupid
google.http-client
Highest
Vendor
jar
package name
api
Low
Vendor
jar
package name
google
Highest
Vendor
central
groupid
com.google.http-client
Highest
Vendor
pom
parent-groupid
com.google.http-client
Medium
Vendor
pom
parent-artifactid
google-http-client-parent
Low
Vendor
jar
package name
client
Low
Vendor
jar
package name
google
Low
Vendor
jar
package name
client
Highest
Vendor
pom
name
Android Platform Extensions to the Google HTTP Client Library for Java.
High
Product
file
name
google-http-client-android
High
Product
central
artifactid
google-http-client-android
Highest
Product
Manifest
Implementation-Title
Android Platform Extensions to the Google HTTP Client Library for Java.
High
Product
jar
package name
api
Low
Product
jar
package name
google
Highest
Product
jar
package name
extensions
Highest
Product
jar
package name
client
Low
Product
pom
groupid
google.http-client
Low
Product
jar
package name
extensions
Low
Product
pom
parent-groupid
com.google.http-client
Low
Product
pom
parent-artifactid
google-http-client-parent
Medium
Product
jar
package name
client
Highest
Product
pom
name
Android Platform Extensions to the Google HTTP Client Library for Java.
High
Product
pom
artifactid
google-http-client-android
Highest
Version
Manifest
Implementation-Version
1.19.0
High
Version
file
version
1.19.0
Highest
Version
central
version
1.19.0
Highest
Version
pom
version
1.19.0
Highest
jqplot.categoryAxisRenderer.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.categoryAxisRenderer.jsMD5: 70f86b03702f611a4d8d68daf78b7d1dSHA1: 775be787905733b352d902698ad803e3494a5175SHA256: 3957e7a5048e32459d22e4a80d545808b1e6dc6c671d07db51363ac7722ccb26
Evidence
Type
Source
Name
Value
Confidence
history.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/Amf/Slider/html-template/history/history.jsMD5: efbe3b44ed3de45a8ada2f81c3aecdecSHA1: 13e45883335cc3c5df07978f5ba5006148509cd4SHA256: cfa5c38fc1ad09ddc0b0971b21e73c3a2b3aeb4d85236c2fd5750280e79a7b86
Evidence
Type
Source
Name
Value
Confidence
Related Dependencies
history.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlashClientGenerator/Template/html-template/history/history.js
MD5: efbe3b44ed3de45a8ada2f81c3aecdec
SHA1: 13e45883335cc3c5df07978f5ba5006148509cd4
SHA256: cfa5c38fc1ad09ddc0b0971b21e73c3a2b3aeb4d85236c2fd5750280e79a7b86
history.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/Amf/Coupon/html-template/history/history.js
MD5: efbe3b44ed3de45a8ada2f81c3aecdec
SHA1: 13e45883335cc3c5df07978f5ba5006148509cd4
SHA256: cfa5c38fc1ad09ddc0b0971b21e73c3a2b3aeb4d85236c2fd5750280e79a7b86
services.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/amf/services.jsMD5: c7e565bd8002d50a80024bed719aaac8SHA1: f751de6ca43732be215da73be4aaeb397513bb9bSHA256: 85b29eebde7b8757aa04688450f2f28b4ede26207782477f8c6ad57c24469e42
Evidence
Type
Source
Name
Value
Confidence
bootstrap.file-input.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap.file-input.jsMD5: 2f6ec0cf9809aebf467e801506f2d390SHA1: 742e15c49451191e742d5df52c124ff97eb21962SHA256: df2ec24c3e1fd74c590479e5a6d3a42223151e34df74fefcd7f16686ae646e8b
Evidence
Type
Source
Name
Value
Confidence
prettify.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/apache/log4php/src/site/resources/js/prettify.min.jsMD5: 9835268d655aec46b6b4605bd986b0b1SHA1: 650b21d4b3522e971b5ebd01952cc6f4992184d3SHA256: 38a2a1336094c8eb6f85a7ff9162c78eda387268bd13a08d4c5f9f59762b5ad9
Evidence
Type
Source
Name
Value
Confidence
excanvas.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/excanvas.jsMD5: ab6c724c99499bd1572cdbc195346c75SHA1: 89fb281beea44cd77555b592252bb69a7bf9f690SHA256: 91909e1538782730c4ab6309ca79295bfb3bc4b28f648d9a8261e26ddd4d06ba
Evidence
Type
Source
Name
Value
Confidence
commons-logging-1.1.1.jar
Description:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/commons-logging-1.1.1.jarMD5: ed448347fc0104034aa14c8189bf37deSHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8aeSHA256: ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-groupid
org.apache.commons
Medium
Vendor
jar
package name
apache
Highest
Vendor
pom
url
http://commons.apache.org/logging
Highest
Vendor
Manifest
extension-name
org.apache.commons.logging
Medium
Vendor
Manifest
specification-vendor
Apache Software Foundation
Low
Vendor
pom
artifactid
commons-logging
Low
Vendor
pom
name
Commons Logging
High
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
pom
groupid
commons-logging
Highest
Vendor
file
name
commons-logging
High
Vendor
pom
parent-artifactid
commons-parent
Low
Vendor
Manifest
Implementation-Vendor
Apache Software Foundation
High
Vendor
jar
package name
commons
Highest
Vendor
jar
package name
logging
Highest
Product
jar
package name
apache
Highest
Product
Manifest
extension-name
org.apache.commons.logging
Medium
Product
pom
name
Commons Logging
High
Product
Manifest
specification-title
Jakarta Commons Logging
Medium
Product
file
name
commons-logging
High
Product
pom
parent-groupid
org.apache.commons
Low
Product
pom
artifactid
commons-logging
Highest
Product
pom
groupid
commons-logging
Low
Product
pom
url
http://commons.apache.org/logging
Medium
Product
pom
parent-artifactid
commons-parent
Medium
Product
Manifest
Implementation-Title
Jakarta Commons Logging
High
Product
jar
package name
commons
Highest
Product
jar
package name
logging
Highest
Version
Manifest
Implementation-Version
1.1.1
High
Version
file
version
1.1.1
Highest
Version
pom
parent-version
1.1.1
Low
Version
pom
version
1.1.1
Highest
webunit.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/extensions/js/webunit.jsMD5: 446ce96b52cf406ae84fbaea9a3c7f23SHA1: f4a04e642a1b73d749545d3b119693bb2a56a06dSHA256: e9cbf24a0c9c1e0c876bebebc572e62400bbf5e05ba46c88f1de896fea3edc74
Evidence
Type
Source
Name
Value
Confidence
jquery-speakers_coaches_consultants.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery-speakers_coaches_consultants.jsMD5: 3240cc94790e14310e1b888e04177fc4SHA1: a6e5dd975767a28b9614f83d41077dd6506a671bSHA256: b09119a39b8dbf31f903a10cfccff38dcc8ee842851b042c9aa8afff1b5ddc23
Evidence
Type
Source
Name
Value
Confidence
moment.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/moment.min.jsMD5: f16affba0b3c235f9023c81d55df5e1fSHA1: 4aa07f9f569861caf1d9d46a4818fcb5e6800810SHA256: f20b251189e476e544eb66bfdf4ddace0531af67ace628226e3bde5ff408599f
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
moment.js
High
Product
file
name
moment.js
High
Version
file
version
2.8.3
High
Published
Vulnerabilities
reDOS - regular expression denial of service (RETIREJS)
suppress
reDOS - regular expression denial of service
$vuln.cwes.toString()
References:
httpclient-4.0.1.jar
Description:
HttpComponents Client (base module)
License:
Apache License: ../LICENSE.txt
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/httpclient-4.0.1.jar
MD5: 9ca98774860101c06ca9010efd6224a1
SHA1: 1d7d28fa738bdbfe4fbd895d9486308999bdf440
SHA256: 752596ebdc7c9ae5d9a655de3bb06d078734679a9de23321dbf284ee44563c03
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
url
http://hc.apache.org/httpcomponents-client
Low
Vendor
pom
artifactid
httpclient
Low
Vendor
jar
package name
apache
Highest
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
parent-artifactid
httpcomponents-client
Low
Vendor
pom
parent-groupid
org.apache.httpcomponents
Medium
Vendor
pom
groupid
apache.httpcomponents
Highest
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
name
HttpClient
High
Vendor
pom
url
http://hc.apache.org/httpcomponents-client
Highest
Vendor
jar
package name
httpclient
Highest
Vendor
file
name
httpclient
High
Vendor
jar
package name
client
Highest
Product
Manifest
specification-title
HttpComponents HttpClient
Medium
Product
Manifest
url
http://hc.apache.org/httpcomponents-client
Low
Product
pom
parent-artifactid
httpcomponents-client
Medium
Product
Manifest
Implementation-Title
HttpComponents HttpClient
High
Product
jar
package name
apache
Highest
Product
pom
parent-groupid
org.apache.httpcomponents
Low
Product
pom
url
http://hc.apache.org/httpcomponents-client
Medium
Product
pom
artifactid
httpclient
Highest
Product
pom
name
HttpClient
High
Product
jar
package name
http
Highest
Product
jar
package name
httpclient
Highest
Product
file
name
httpclient
High
Product
jar
package name
client
Highest
Product
pom
groupid
apache.httpcomponents
Low
Version
Manifest
Implementation-Version
4.0.1
High
Version
pom
version
4.0.1
Highest
Version
file
version
4.0.1
Highest
Published
Vulnerabilities
CVE-2011-1498
suppress
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
References:
Vulnerable Software & Versions: (show
all )
CVE-2014-3577
suppress
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. <a href="http://cwe.mitre.org/data/definitions/297.html" rel="nofollow">CWE-297: Improper Validation of Certificate with Host Mismatch</a>
NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
References:
Vulnerable Software & Versions: (show
all )
CVE-2015-5262 (OSSINDEX)
suppress
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
null
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.httpcomponents:httpclient:4.0.1:*:*:*:*:*:*:*
knockout.localStorage.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout.localStorage.jsMD5: da1c714aa3061329efba5cae4a087018SHA1: 94e7ed294019681c5b1ab2b5eda7f9323f57e8daSHA256: 82da7d50dc65c6ca538a14eba95e77a8e7b093fc4173410ab34dd72b4bb2b93e
Evidence
Type
Source
Name
Value
Confidence
robospice-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-1.4.14.jarMD5: 10d820cb9c6515cb20b2ea6959e6b01bSHA1: fffe1563473feb2f956608554d3e97ad805914a7SHA256: 32f2e9ea56d74e6b7d7a11b25ca694b37c872628af3d1dfb92237f954df162dc
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
artifactid
robospice
Low
Vendor
jar
package name
robospice
Low
Vendor
file
name
robospice
High
Vendor
jar
package name
android
Highest
Vendor
pom
name
Robospice - Core
High
Vendor
jar
package name
android
Low
Vendor
jar
package name
octo
Highest
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
pom
parent-artifactid
robospice-core-parent
Low
Product
jar
package name
robospice
Low
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
file
name
robospice
High
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
jar
package name
robospice
Highest
Product
pom
name
Robospice - Core
High
Product
jar
package name
android
Low
Product
jar
package name
octo
Highest
Product
pom
artifactid
robospice
Highest
Product
pom
parent-artifactid
robospice-core-parent
Medium
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
XMLWriter.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/XMLWriter.jsMD5: 76598231ce3f7e221c650f73d49f7bfeSHA1: a4bb7bac65b28cd24814b67efa51265a31213530SHA256: ef5546bc55ee156c684a06ae760daeb019371a66022f758d2d5671f16e4467f1
Evidence
Type
Source
Name
Value
Confidence
swfobject.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpFlexClientGenerator/Template/html-template/swfobject.jsMD5: 34f352f573084aa648f2d2330b32ec4bSHA1: 2f29da0ca9173f6581e6d7d45c4f0d9c227d6cebSHA256: de375ce355e9e926b96d7532ba4287aba7a4fd4267b9e17c84ea8f990a1c7ab9
Evidence
Type
Source
Name
Value
Confidence
converter-jackson-1.6.1.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/converter-jackson-1.6.1.jarMD5: 9425e1b90b6e42ff56e2037809cc6927SHA1: 69b73fb5c75ba80d44fb2db6ebe8168a4f5f74c9SHA256: f4bac0fa3cc76e0738ae8c7c05ddc4a64d0be6fc2cc175c0ba74b088e5e1a2b4
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-groupid
com.squareup.retrofit
Medium
Vendor
pom
parent-artifactid
retrofit-converters
Low
Vendor
pom
artifactid
converter-jackson
Low
Vendor
jar
package name
converter
Low
Vendor
jar
package name
retrofit
Low
Vendor
file
name
converter-jackson
High
Vendor
pom
groupid
squareup.retrofit
Highest
Vendor
pom
name
Converter: Jackson
High
Vendor
jar
package name
retrofit
Highest
Vendor
jar
package name
converter
Highest
Product
pom
artifactid
converter-jackson
Highest
Product
jar
package name
converter
Low
Product
file
name
converter-jackson
High
Product
pom
parent-groupid
com.squareup.retrofit
Low
Product
pom
parent-artifactid
retrofit-converters
Medium
Product
pom
name
Converter: Jackson
High
Product
pom
groupid
squareup.retrofit
Low
Product
jar
package name
jacksonconverter
Low
Product
jar
package name
retrofit
Highest
Product
jar
package name
converter
Highest
Version
pom
version
1.6.1
Highest
Version
file
version
1.6.1
Highest
sb-admin-2.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/sb-admin-2.jsMD5: 9e682ba4c9a0fb564f5beb99f3fa2d84SHA1: a7e9cab3ece7aab946a61d86df18f2b228af9ccaSHA256: 4b293cf54536a5921f8f5e444e523760877c35cbd07c45be8d207189179500b6
Evidence
Type
Source
Name
Value
Confidence
robospice-google-http-client-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-google-http-client-1.4.14.jarMD5: 943bfa4a2f91a0a4d0d0e33ba27edfd4SHA1: ba94c1a2a25bf4ba2d4e2d3ae694ff9fc4acfddbSHA256: d2ffa68a3d89c8965d215c5e13f4d03e5b2ef96922d1b56a483c775a9a8ea858
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
robospice
Low
Vendor
file
name
robospice-google-http-client
High
Vendor
pom
name
Robospice - Extension Google Htpp Java Client Module
High
Vendor
jar
package name
android
Highest
Vendor
pom
parent-artifactid
robospice-google-http-client-parent
Low
Vendor
jar
package name
android
Low
Vendor
jar
package name
octo
Highest
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
pom
artifactid
robospice-google-http-client
Low
Product
jar
package name
robospice
Low
Product
file
name
robospice-google-http-client
High
Product
pom
name
Robospice - Extension Google Htpp Java Client Module
High
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
pom
artifactid
robospice-google-http-client
Highest
Product
jar
package name
android
Low
Product
jar
package name
octo
Highest
Product
pom
parent-artifactid
robospice-google-http-client-parent
Medium
Product
jar
package name
persistence
Low
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
jar
package name
robospice
Highest
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
retrofit-1.6.1.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/retrofit-1.6.1.jarMD5: 4cebb7ed788b3658344edfaf9fba8bbeSHA1: efb0a36546aa8857ab8df358b106c1817e03cbeeSHA256: a869da688eb73e6d174d196ec94a43f01df68c93d979afa2bddc526dffdad617
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-groupid
com.squareup.retrofit
Medium
Vendor
pom
parent-artifactid
parent
Low
Vendor
pom
name
Retrofit
High
Vendor
file
name
retrofit
High
Vendor
jar
package name
retrofit
Low
Vendor
pom
groupid
squareup.retrofit
Highest
Vendor
pom
artifactid
retrofit
Low
Vendor
jar
package name
retrofit
Highest
Product
pom
name
Retrofit
High
Product
file
name
retrofit
High
Product
pom
artifactid
retrofit
Highest
Product
pom
parent-groupid
com.squareup.retrofit
Low
Product
pom
parent-artifactid
parent
Medium
Product
pom
groupid
squareup.retrofit
Low
Product
jar
package name
retrofit
Highest
Version
pom
version
1.6.1
Highest
Version
file
version
1.6.1
Highest
knockout-2.2.1.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout-2.2.1.jsMD5: 8764a417a2bc3ea8abd0e7fb7153bf00SHA1: 23a818cc0126a80f730d2a49b0393594e8f68dbfSHA256: 2881daa4ad6d8166824a0903fd71e39a870838acfbdd10ced0c5db6c12b23e73
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
knockout
High
Product
file
name
knockout
High
Version
file
version
2.2.1
High
Published
Vulnerabilities
XSS injection point in attr name binding for browser IE7 and older (RETIREJS)
suppress
XSS injection point in attr name binding for browser IE7 and older
$vuln.cwes.toString()
References:
jquery.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.jsMD5: 397754ba49e9e0cf4e7c190da78dda05SHA1: ae49e56999d82802727455f0ba83b63acd90a22bSHA256: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery
High
Product
file
name
jquery
High
Version
file
version
1.9.1
High
Published
Vulnerabilities
CVE-2015-9251
suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions
up to (excluding) 7.2
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 8.0.0; versions up to (including) 8.0.7
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.6
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
versions up to (excluding) 7.0.0.1
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1;
versions up to (including) 17.12
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to
(excluding) 6.1.0.4.0
cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
versions from (including) 7.3.3; versions up to (including) 7.3.5
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including)
4.3.0.1; versions up to (including) 4.3.0.4
cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.6
cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions
from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*
versions from (including) 8.0.2; versions up to (including) 8.0.7
cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*
versions from (including) 8.0.4; versions up to (including) 8.0.7
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions
from (including) 8.0.5; versions up to (including) 8.0.7
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
CVE-2019-11358
suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (6.1)
Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions
up to (excluding) 8.6.15
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up
to (excluding) 7.66
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions
up to (excluding) 8.5.15
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0;
versions up to (excluding) 1.11.9
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0;
versions up to (excluding) 1.12.6
jquery.heartbeat.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery.heartbeat.jsMD5: b4172c0601a9b2f5119c6ae21cf3e26eSHA1: 343db593c12ff105c8013f879ead28deb385c90aSHA256: 13d963e6776a16db03d7e8af4b1a466bac7af442c4b4bc0f14baf018cdd2205a
Evidence
Type
Source
Name
Value
Confidence
jqplot.pointLabels.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jqplot.pointLabels.jsMD5: 0050c1b78c2fee5ab9fc2a546391f943SHA1: e8ec8758c5af7356e97d61f49a29ae9b839a5157SHA256: 459ecb909f46a92676eae36d54c377b1e5d5cd3e994f9d6422760477d8c1f416
Evidence
Type
Source
Name
Value
Confidence
vuln-config.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/vuln-config.jsMD5: 2188048c41649710bfbe3ffe7934c590SHA1: 808071941c86406385d02db62b771dc91a231bcfSHA256: 66eaf014cfd88215e34e5a1c9cefaa5fbb4cb2ec64f695b3671c9d64a46cb10c
Evidence
Type
Source
Name
Value
Confidence
services.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/services.jsMD5: 4741896cebcd3222f6e80f4239bd9691SHA1: 4f5f581e67f98498b6dd369d53664772f3cf9cc0SHA256: 9c4131084a4ce33fb0a0929cee0a45c89c4f7bcafd0ba6bf03489ebb671def76
Evidence
Type
Source
Name
Value
Confidence
ladda.jquery.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ladda.jquery.min.jsMD5: 7e8d620c851ec3d1a364b386db0c9c6aSHA1: 1df38951fe730a210ca9cb1e4121e70a5a112d74SHA256: 6e4e96cdcdef3683298b64c35d87da0fc798fca2a30a315e7d677c44ab7a570e
Evidence
Type
Source
Name
Value
Confidence
html5shiv.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/html5shiv.jsMD5: 0ce8f355891c26c28f057e195e97dcd5SHA1: 3c7b369485cadd585d24be44701e459c8aa54d60SHA256: 8c7a9c0470563367ab00307b4fb9bb3052d0a27f0b94e63b9dc0bb8c369449cb
Evidence
Type
Source
Name
Value
Confidence
knockout-templates.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/knockout-templates.jsMD5: c27b730ddb163a1e886d0507c38d58e9SHA1: 45532d63da5eb0c2eaee59f671fe26868c05ef36SHA256: f9773ea5cf0bbe4b160728350e62999e65e161c529bd31977f0c4b8789eae8c6
Evidence
Type
Source
Name
Value
Confidence
jquery.cookie.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/jquery.cookie.jsMD5: 0eb32a0a58982840fc8f0b53a7ee1224SHA1: 158120911e555326bd8126db9fe1f6be61b5172eSHA256: 1c2dff01e473387c0158848ca8b8a3f4da7d206f19861a1be78f9fa20fb55f82
Evidence
Type
Source
Name
Value
Confidence
respond.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/respond.min.jsMD5: 55a3bdb2caf10ab1336c6a0def7a9c75SHA1: 40299c750bdc8ca083be8dcdc1dc782602465e38SHA256: 7658e0345d9717b9e1b314d7abaf38092f49659fd3816546fd837d4c3ba04572
Evidence
Type
Source
Name
Value
Confidence
google-http-client-1.19.0.jar
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/google-http-client-1.19.0.jarMD5: 1a306bb0bf74c9d991457723c0f8b3bfSHA1: cdca49ad0977c040f603478aa2e16b2775c8fec6SHA256: aa70d0384697f8d674ddc483b07ea3ae5821373e6393a861a3a3db786b9718b9
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
google-http-client
High
Vendor
Manifest
Implementation-Vendor-Id
com.google.http-client
Medium
Vendor
Manifest
Implementation-Vendor
Google
High
Vendor
pom
artifactid
google-http-client
Low
Vendor
pom
groupid
google.http-client
Highest
Vendor
jar
package name
api
Low
Vendor
jar
package name
google
Highest
Vendor
jar
package name
http
Highest
Vendor
central
groupid
com.google.http-client
Highest
Vendor
pom
parent-groupid
com.google.http-client
Medium
Vendor
pom
parent-artifactid
google-http-client-parent
Low
Vendor
jar
package name
client
Low
Vendor
jar
package name
google
Low
Vendor
pom
name
Google HTTP Client Library for Java
High
Vendor
jar
package name
client
Highest
Product
central
artifactid
google-http-client
Highest
Product
file
name
google-http-client
High
Product
Manifest
Implementation-Title
Google HTTP Client Library for Java
High
Product
jar
package name
api
Low
Product
jar
package name
google
Highest
Product
jar
package name
http
Highest
Product
pom
artifactid
google-http-client
Highest
Product
jar
package name
client
Low
Product
pom
groupid
google.http-client
Low
Product
pom
parent-groupid
com.google.http-client
Low
Product
pom
parent-artifactid
google-http-client-parent
Medium
Product
pom
name
Google HTTP Client Library for Java
High
Product
jar
package name
client
Highest
Version
Manifest
Implementation-Version
1.19.0
High
Version
file
version
1.19.0
Highest
Version
central
version
1.19.0
Highest
Version
pom
version
1.19.0
Highest
account.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/account.jsMD5: a7349cfd9820c6d46ba58988e731d646SHA1: 221b0b869ce2cbf736cb34c5b3db120faa0a236dSHA256: 941515e869c911ba5a2f4d794915d63c00ccfd0e9bf7f9808eae28512ce33191
Evidence
Type
Source
Name
Value
Confidence
json2.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/ClientGenerator/Generators/AmfphpHtmlClientGenerator/Template/js/json2.jsMD5: 74d903049683e5bbea9ccb7544a42bcaSHA1: c5909e0dbbbb8591eae3c099a3186d985c37e365SHA256: 356614d2260c69b92680d59e99601dcd5e068f761756f22fb959b5562b9a7d62
Evidence
Type
Source
Name
Value
Confidence
helpdesk.nocache.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/helpdesk/helpdesk.nocache.jsMD5: fc03999f02df2942d2a4003c9d7aaf1fSHA1: ca823d24c487b9de82f6507f502e2dfbb1a8e9feSHA256: 50a263d5ac4cc3c90082765849ebc26adce01082927c097ad2dbf1a538efbd4e
Evidence
Type
Source
Name
Value
Confidence
nv.d3.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/js/nv.d3.min.jsMD5: 19e7c03cc4d1fbe325d3923d2296e819SHA1: 10b95ab83ececca92733b6882c7ee7eb9b06a60aSHA256: 51c42577a2e05c84d85732bdd087bca0e9eb253a4aa654201db103d2a18c230d
Evidence
Type
Source
Name
Value
Confidence
bootstrap-dropdown.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/bootstrap-dropdown.jsMD5: 41061a37d74c54ad0e3fec031005fcb8SHA1: 93e2f48c7e9c195c707eed2de47b8305765c6ab0SHA256: 9fa5384245426480b7e3c169a2e0fc1e7d99aa4fe875c392e07bbc8d15ac93da
Evidence
Type
Source
Name
Value
Confidence
performanceCharting.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/performanceCharting.jsMD5: 275cb76b732f4eeeb920acad80430ce9SHA1: 0b552c0927745c5deafd8cb82977e8b693cdc9eaSHA256: b44d0f85d7d1e6615c36052ac468dc9b9e57bd243a954bbdf0ec2bd97f96987e
Evidence
Type
Source
Name
Value
Confidence
jquery.nivo.slider.pack.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery.nivo.slider.pack.jsMD5: 086d3d4df87884cc37aaa61761e82269SHA1: 91ae92528af17a06f6aa71b1293f4775484f43ceSHA256: ad01f20b73510f213d68547e96ec5c90572fa1e40a1d1d3cf1f27b241d8d0d2d
Evidence
Type
Source
Name
Value
Confidence
okhttp-1.6.0.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/okhttp-1.6.0.jarMD5: 7012da9f5b744d9b0e19f495c0ff0855SHA1: e32c6b4bee8b61f0de12b337c48df0f5df8cacccSHA256: ad8245091c081df233533af7b7b1291a6db88ea4dc8aa476e8df8f47b80d8981
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
name
OkHttp
High
Vendor
pom
parent-artifactid
parent
Low
Vendor
pom
groupid
squareup.okhttp
Highest
Vendor
jar
package name
squareup
Highest
Vendor
pom
artifactid
okhttp
Low
Vendor
jar
package name
squareup
Low
Vendor
jar
package name
internal
Low
Vendor
pom
parent-groupid
com.squareup.okhttp
Medium
Vendor
jar
package name
okhttp
Low
Vendor
jar
package name
okhttp
Highest
Vendor
file
name
okhttp
High
Product
pom
name
OkHttp
High
Product
pom
artifactid
okhttp
Highest
Product
jar
package name
squareup
Highest
Product
jar
package name
internal
Low
Product
pom
parent-groupid
com.squareup.okhttp
Low
Product
pom
parent-artifactid
parent
Medium
Product
jar
package name
okhttp
Low
Product
pom
groupid
squareup.okhttp
Low
Product
jar
package name
okhttp
Highest
Product
file
name
okhttp
High
Version
pom
version
1.6.0
Highest
Version
file
version
1.6.0
Highest
Related Dependencies
okhttp-urlconnection-1.6.0.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/okhttp-urlconnection-1.6.0.jar
MD5: 29dde70fdc9f66b27a501785295898ca
SHA1: 375c2206eb7e52976955d0f8737be5e0ec9cf667
SHA256: b75f580bfb4574b2bd0ef2c90b4465b2ac3745eff13d3379a8dfd45a3fa2c653
pkg:maven/com.squareup.okhttp/okhttp-urlconnection@1.6.0
Published
Vulnerabilities
CVE-2016-2402
suppress
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
Base Score: MEDIUM (5.9)
Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Vulnerable Software & Versions: (show
all )
jquery.sparkline.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/docs/simpletest.org/js/jquery.sparkline.jsMD5: 5dd0c5160bc61f966731f7372be48b40SHA1: dd7240ad379514bc673d3f95c39a58eaedea3501SHA256: 2b7da246cd3e22addc5b2a5c0d0c9f5b6b39574365d4855ace930dbd818eab98
Evidence
Type
Source
Name
Value
Confidence
jquery-migrate-1.2.1.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/jquery-migrate-1.2.1.jsMD5: 7d87ce904ab76326bff3147c72a45b2aSHA1: b5a7a40ada6f87047f00e95915356aff82cb0959SHA256: 58564bc237b683f482c3a82def059f27b2be41109d237d7a2380074b5b4f22be
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
jquery-migrate
High
Product
file
name
jquery-migrate
High
Version
file
version
1.2.1
High
Published
Vulnerabilities
jquery-migrate bug: 11290 (RETIREJS)
suppress
Selector interpreted as HTML
$vuln.cwes.toString()
References:
ace.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/ace/ace.jsMD5: a5a4ac9e7d4aa9bc479c9d2b72c81c4dSHA1: 962158027c6eecfcf43a9a55ac42433dd942e861SHA256: 7765d79685f166703295c0fba81c4d50e18a082877d8e1db3fecb30b4ec6dea3
Evidence
Type
Source
Name
Value
Confidence
robospice-okhttp-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-okhttp-1.4.14.jarMD5: 6e87916d19a1dd97841e7da223b8fadcSHA1: ba9cdcf32fc21de16afebfc5411425284923e0cdSHA256: 2d5ef4ccaf4c7039f6834a94d713d189c29d74c4945db2a146e6afb411e5f2e9
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
robospice
Low
Vendor
pom
name
Robospice - Extension OkHttp Module
High
Vendor
jar
package name
android
Highest
Vendor
pom
artifactid
robospice-okhttp
Low
Vendor
jar
package name
android
Low
Vendor
jar
package name
octo
Highest
Vendor
pom
parent-artifactid
robospice-okhttp-parent
Low
Vendor
jar
package name
okhttp
Highest
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
file
name
robospice-okhttp
High
Product
jar
package name
robospice
Low
Product
pom
name
Robospice - Extension OkHttp Module
High
Product
jar
package name
request
Low
Product
pom
artifactid
robospice-okhttp
Highest
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
jar
package name
android
Low
Product
jar
package name
octo
Highest
Product
jar
package name
okhttp
Highest
Product
pom
parent-artifactid
robospice-okhttp-parent
Medium
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
jar
package name
robospice
Highest
Product
file
name
robospice-okhttp
High
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
x.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/vendor/swiftmailer/swiftmailer/test-suite/lib/simpletest/extensions/js/x.jsMD5: d23f58b9b98b778aac7248e31a28b9f8SHA1: edea13f7b8bb0244ef8388c2173ed68b0dbd766fSHA256: cc3c5341fea3608f2696b5fcb576ff2cc9462ccaa54e220aef3ce386e96856a2
Evidence
Type
Source
Name
Value
Confidence
jquery.dataTables.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/plugins/dataTables/jquery.dataTables.jsMD5: 65cc28256b5e81d346875a83357b29e3SHA1: ef9c92a327bb19de40133bc6706c23ee1bfe65bdSHA256: 11780306b1ae75f0f8338e6710f99a328b4cb9300bc7f73a1bac836dfc1653d1
Evidence
Type
Source
Name
Value
Confidence
amfphp_updates.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/amf_back_office/js/amfphp_updates.jsMD5: cb667340ad003ea17e92702ba6a3efdaSHA1: 5226551fa7b078b906474a80441b4f46fb74f8e7SHA256: 98d0199342ea843d5918af85e94ff2ae55010b545ba4cc877db0846a725c5c5d
Evidence
Type
Source
Name
Value
Confidence
ladda.min.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ladda.min.jsMD5: 0cd0463d5b87e8303302d362f6e4cbf9SHA1: 7fc897bedc6e1ade0bf858a42106f644e798fe01SHA256: 15eeab0be27290f42d792634296412da4d828278435376c66b5ee17557f4f8fa
Evidence
Type
Source
Name
Value
Confidence
robospice-cache-1.4.14.jar
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/subprojects/android/hackazon/jars/robospice-cache-1.4.14.jarMD5: 59a084117d36896543b8782632369164SHA1: 1a13bea0b3ae105c44cb6be7fc76b6d36098faf5SHA256: 9dfeec4e0574e266b2ab693bd05611c1162678feff909a689f99cb02bba936fa
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
parent-artifactid
robospice-cache-parent
Low
Vendor
jar
package name
robospice
Low
Vendor
jar
package name
android
Highest
Vendor
pom
artifactid
robospice-cache
Low
Vendor
jar
package name
android
Low
Vendor
jar
package name
octo
Highest
Vendor
pom
groupid
octo.android.robospice
Highest
Vendor
pom
name
Robospice - Persistence Module
High
Vendor
file
name
robospice-cache
High
Vendor
jar
package name
octo
Low
Vendor
jar
package name
robospice
Highest
Vendor
pom
parent-groupid
com.octo.android.robospice
Medium
Vendor
jar
package name
persistence
Highest
Product
jar
package name
robospice
Low
Product
pom
groupid
octo.android.robospice
Low
Product
jar
package name
android
Highest
Product
pom
parent-artifactid
robospice-cache-parent
Medium
Product
jar
package name
android
Low
Product
jar
package name
octo
Highest
Product
jar
package name
persistence
Low
Product
pom
name
Robospice - Persistence Module
High
Product
file
name
robospice-cache
High
Product
pom
parent-groupid
com.octo.android.robospice
Low
Product
jar
package name
robospice
Highest
Product
jar
package name
persistence
Highest
Product
pom
artifactid
robospice-cache
Highest
Version
pom
version
1.4.14
Highest
Version
file
version
1.4.14
Highest
site.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/site.jsMD5: 43e5a4d5877933d7b1f01ac6423920c2SHA1: 94b3b58c73cb95c3374d5a4bc5c3bbab95588454SHA256: 700f3082d2472beb0bbefbddb817cfd7ac436b4518ca3693598fd02cfe933f25
Evidence
Type
Source
Name
Value
Confidence
ekko-lightbox.js
File Path: /var/jenkins_home/workspace/owasp-dependency-check-hackazon/hackazon/web/js/ekko-lightbox.jsMD5: 75ed92a66f0c0614c32ae85aaf6e1d42SHA1: d906c974a77d8989eb5727299f1e181c6a18c847SHA256: 4442c0516a85d2af449febb8217183b1503b4f6f511fc130691763e03cdcc6d6
Evidence
Type
Source
Name
Value
Confidence