Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.1.3
Report Generated On: Mon, 1 Sep 2025 03:18:27 GMT
Dependencies Scanned: 25 (19 unique)
Vulnerable Dependencies: 1
Vulnerabilities Found: 1
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2025-09-01T03:18:00Z
NVD API Last Modified: 2025-08-31T04:15:55Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
bw-base-2.0.0.jar		pkg:maven/org.bedework/bw-base@2.0.0		0		42
bw-util-config-6.0.0.jar		pkg:maven/org.bedework/bw-util-config@6.0.0		0		44
bw-util-jmx-6.0.0.jar		pkg:maven/org.bedework/bw-util-jmx@6.0.0		0		44
bw-util-logging-6.0.0.jar		pkg:maven/org.bedework/bw-util-logging@6.0.0		0		44
bw-util-misc-6.0.0.jar	cpe:2.3:a:utils_project:utils:6.0.0:::::::*	pkg:maven/org.bedework/bw-util-misc@6.0.0		0	Low	44
bw-util-xml-6.0.0.jar		pkg:maven/org.bedework/bw-util-xml@6.0.0		0		44
commons-lang3-3.17.0.jar	cpe:2.3:a:apache:commons_lang:3.17.0:::::::*	pkg:maven/org.apache.commons/commons-lang3@3.17.0	MEDIUM	1	Highest	145
commons-pool2-2.9.0.jar		pkg:maven/org.apache.commons/commons-pool2@2.9.0		0		88
commons-text-1.13.0.jar	cpe:2.3:a:apache:commons_text:1.13.0:::::::*	pkg:maven/org.apache.commons/commons-text@1.13.0		0	Highest	73
jackson-annotations-2.18.2.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.18.2		0	Low	38
jakarta.annotation-api-3.0.0.jar	cpe:2.3:a:oracle:projects:3.0.0:::::::*	pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0		0	Low	42
jakarta.jms-api-3.1.0.jar		pkg:maven/jakarta.jms/jakarta.jms-api@3.1.0		0		35
jakarta.persistence-api-3.1.0.jar		pkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0		0		40
jakarta.transaction-api-2.0.1.jar	cpe:2.3:a:oracle:projects:2.0.1:::::::*	pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1		0	Low	50
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-kernel:4.1.1)	cpe:2.3:a:apache:openjpa:4.1.1:::::::*	pkg:maven/org.apache.openjpa/openjpa-kernel@4.1.1		0	Highest	9
openjpa-4.1.1.jar	cpe:2.3:a:apache:openjpa:4.1.1:::::::*	pkg:maven/org.apache.openjpa/openjpa@4.1.1		0	Highest	36
org.bedework.database:bw-db:6.1.0-SNAPSHOT		pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT		0		6
org.bedework.database:bw-jpa:6.1.0-SNAPSHOT		pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT		0		6
xbean-asm9-shaded-4.20.jar		pkg:maven/org.apache.xbean/xbean-asm9-shaded@4.20		0		28

Dependencies (vulnerable)

bw-base-2.0.0.jar

Description:

This project provides base classes, types and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-base/2.0.0/bw-base-2.0.0.jar
MD5: 0480624145ad4fc5daeba898b7132099
SHA1: b24b7279e0475bb3c8c84e37af400ad87877c955
SHA256:10d27642e3bf1f2f4f85320293b5041b7e34cba02cc2656f29e79f75cee97cc5
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-base	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	bedework	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-base	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-base	Highest
Vendor	pom	artifactid	bw-base	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: base classes	High
Vendor	pom	url	Bedework/bw-base	Highest
Product	file	name	bw-base	High
Product	jar	package name	base	Highest
Product	jar	package name	bedework	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: base classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-base	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: base classes	Medium
Product	pom	artifactid	bw-base	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: base classes	High
Product	pom	url	Bedework/bw-base	High
Version	file	version	2.0.0	High
Version	Manifest	Implementation-Version	2.0.0	High
Version	pom	version	2.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-base@2.0.0 (Confidence:High)

bw-util-config-6.0.0.jar

Description:

This project provides a number of utility configuration classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-config/6.0.0/bw-util-config-6.0.0.jar
MD5: 974d4ee4953df439fc3753869cc469da
SHA1: c1f787f23f0c5028280a457d0709418ea332fe09
SHA256:97ee0ce50094f85f881d63fb423dfb7ae1973843ac6028f0488860394553aa60
Referenced In Projects/Scopes:

Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-config	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	config	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-config	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-config	Highest
Vendor	pom	artifactid	bw-util-config	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: base configuration classes	High
Vendor	pom	url	Bedework/bw-util-conf/bw-util-config	Highest
Product	file	name	bw-util-config	High
Product	jar	package name	bedework	Highest
Product	jar	package name	config	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: base configuration classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-config	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: base configuration classes	Medium
Product	pom	artifactid	bw-util-config	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: base configuration classes	High
Product	pom	url	Bedework/bw-util-conf/bw-util-config	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-config@6.0.0 (Confidence:High)

bw-util-jmx-6.0.0.jar

Description:

This project provides a number of utility configuration classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-jmx/6.0.0/bw-util-jmx-6.0.0.jar
MD5: e7ffae94c51d5c62aa657c7f321607b5
SHA1: cbfbb6e89fa5adac492adcc48866cfec62cc932d
SHA256:60b3d4ce24901fc1ab0b741be3413efaffb263f99f368062618478c67e7fd3b9
Referenced In Projects/Scopes:

Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile

pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-jmx	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	jmx	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-jmx	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-jmx	Highest
Vendor	pom	artifactid	bw-util-jmx	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: JMX config classes	High
Vendor	pom	url	Bedework/bw-util-conf/bw-util-jmx	Highest
Product	file	name	bw-util-jmx	High
Product	jar	package name	bedework	Highest
Product	jar	package name	jmx	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: JMX config classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-jmx	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: JMX config classes	Medium
Product	pom	artifactid	bw-util-jmx	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: JMX config classes	High
Product	pom	url	Bedework/bw-util-conf/bw-util-jmx	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-jmx@6.0.0 (Confidence:High)

bw-util-logging-6.0.0.jar

Description:

This project provides logging utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-logging/6.0.0/bw-util-logging-6.0.0.jar
MD5: 2c63b9031e2d0852a00e57753320b409
SHA1: a12c15e6670f1298c8c4779d08b24595e921aceb
SHA256:e26bbaf5a5dcad998990fdc647f448b2e2dcac6eb628be6945fe24d53759b745
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-logging	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-logging	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-logging	Highest
Vendor	pom	artifactid	bw-util-logging	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: logging classes	High
Vendor	pom	url	Bedework/bw-util-logging	Highest
Product	file	name	bw-util-logging	High
Product	jar	package name	bedework	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: logging classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-logging	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: logging classes	Medium
Product	pom	artifactid	bw-util-logging	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: logging classes	High
Product	pom	url	Bedework/bw-util-logging	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-logging@6.0.0 (Confidence:High)

bw-util-misc-6.0.0.jar

Description:

This project provides a number of utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-misc/6.0.0/bw-util-misc-6.0.0.jar
MD5: a54be794abde392b2c1f7fb2935ad372
SHA1: ca14c1131c38ac51caa478cb4ea5df738fc6f106
SHA256:a2243c42722fcaa848e6f0fca44634c0c5685e57bb0c2a2d2f394bf9543bd5ae
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework/bw-util-xml@6.0.0
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-misc	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	misc	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-misc	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-misc	Highest
Vendor	pom	artifactid	bw-util-misc	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: misc utils	High
Vendor	pom	url	Bedework/bw-util/bw-util-misc	Highest
Product	file	name	bw-util-misc	High
Product	jar	package name	bedework	Highest
Product	jar	package name	misc	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: misc utils	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-misc	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: misc utils	Medium
Product	pom	artifactid	bw-util-misc	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: misc utils	High
Product	pom	url	Bedework/bw-util/bw-util-misc	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-misc@6.0.0 (Confidence:High)
cpe:2.3:a:utils_project:utils:6.0.0:*:*:*:*:*:*:* (Confidence:Low)

bw-util-xml-6.0.0.jar

Description:

This project provides a number of utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-xml/6.0.0/bw-util-xml-6.0.0.jar
MD5: 9511e1c44083306be4587dcacaea03a0
SHA1: a5486ab6b6da48523d7fc224662a3ddbbb26b090
SHA256:cd96fdeb127ccdf57f7ce99c63b27933b407b7b64cc4f723b79342c47908658a
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-xml	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	util	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-xml	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-xml	Highest
Vendor	pom	artifactid	bw-util-xml	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: util to handle xml	High
Vendor	pom	url	Bedework/bw-util/bw-util-xml	Highest
Product	file	name	bw-util-xml	High
Product	jar	package name	bedework	Highest
Product	jar	package name	util	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: util to handle xml	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-xml	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: util to handle xml	Medium
Product	pom	artifactid	bw-util-xml	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: util to handle xml	High
Product	pom	url	Bedework/bw-util/bw-util-xml	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-xml@6.0.0 (Confidence:High)

commons-lang3-3.17.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework/bw-util-misc@6.0.0
pkg:maven/org.bedework/bw-util-misc@6.0.0
pkg:maven/org.bedework/bw-util-xml@6.0.0
pkg:maven/org.bedework/bw-util-misc@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Highest
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.17.0	High
Version	Manifest	Bundle-Version	3.17.0	High
Version	Manifest	Implementation-Version	3.17.0	High
Version	pom	parent-version	3.17.0	Low
Version	pom	version	3.17.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.17.0 (Confidence:High)
cpe:2.3:a:apache:commons_lang:3.17.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CWE-674 Uncontrolled Recursion

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

OSSINDEX - [CVE-2025-48924] CWE-674: Uncontrolled Recursion
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
OSSIndex - https://github.com/advisories/GHSA-j288-q9x7-2f5v
security@apache.org - MAILING_LIST,VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

commons-pool2-2.9.0.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-pool2/2.9.0/commons-pool2-2.9.0.jar
MD5: 1f14cc5528953687f915bddf4fe150ec
SHA1: 58e9e8bbd29cf3e7861cb80c0a615770baffe840
SHA256:bc919b426bfafb31ecc45d6652a9f137462465d849fb3873d78d90c3f8d35b01
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.apache.openjpa/openjpa@4.1.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-pool2	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	pool2	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.pool2	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-pool/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-pool2	Medium
Vendor	Manifest	implementation-build	release@re855619858edd5aae1a6b49788bb7212eb77ec23; 2020-09-25 17:30:04+0000	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-pool2	Highest
Vendor	pom	artifactid	commons-pool2	Low
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dirkv	Medium
Vendor	pom	developer id	dweinr1	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	mattsicker	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sandymac	Medium
Vendor	pom	developer id	simonetripodi	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	David Weinrich	Medium
Vendor	pom	developer name	Dirk Verbeeck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Geir Magnusson	Medium
Vendor	pom	developer name	Matt Sicker	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Sandy McArthur	Medium
Vendor	pom	developer name	Simone Tripodi	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Pool	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-pool/	Highest
Product	file	name	commons-pool2	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	pool2	Highest
Product	Manifest	automatic-module-name	org.apache.commons.pool2	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-pool/	Low
Product	Manifest	Bundle-Name	Apache Commons Pool	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-pool2	Medium
Product	Manifest	implementation-build	release@re855619858edd5aae1a6b49788bb7212eb77ec23; 2020-09-25 17:30:04+0000	Low
Product	Manifest	Implementation-Title	Apache Commons Pool	High
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	specification-title	Apache Commons Pool	Medium
Product	pom	artifactid	commons-pool2	Highest
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dirkv	Low
Product	pom	developer id	dweinr1	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	mattsicker	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sandymac	Low
Product	pom	developer id	simonetripodi	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	David Weinrich	Low
Product	pom	developer name	Dirk Verbeeck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Geir Magnusson	Low
Product	pom	developer name	Matt Sicker	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Sandy McArthur	Low
Product	pom	developer name	Simone Tripodi	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Pool	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-pool/	Medium
Version	file	version	2.9.0	High
Version	Manifest	Bundle-Version	2.9.0	High
Version	Manifest	Implementation-Version	2.9.0	High
Version	pom	parent-version	2.9.0	Low
Version	pom	version	2.9.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-pool2@2.9.0 (Confidence:High)

commons-text-1.13.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.13.0/commons-text-1.13.0.jar
MD5: 4b4766452c04316e3ef6ffe3490d6b10
SHA1: ba2ed5521c491cabf7ecdb57f77922561c2e8958
SHA256:1e323a501127df78ed0987f345d69d65d0ea7fa3d4fb5b3f84aaeba3a8b20f38
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework/bw-util-misc@6.0.0
pkg:maven/org.bedework/bw-util-misc@6.0.0
pkg:maven/org.bedework/bw-util-xml@6.0.0
pkg:maven/org.bedework/bw-util-misc@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-text	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	text	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.text	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.text	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-text	Highest
Vendor	pom	artifactid	commons-text	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	kinow@apache.org	Low
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	kinow	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Bruno P. Kinoshita	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Text	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-text	Highest
Product	file	name	commons-text	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	text	Highest
Product	Manifest	automatic-module-name	org.apache.commons.text	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Product	Manifest	Bundle-Name	Apache Commons Text	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.text	Medium
Product	Manifest	Implementation-Title	Apache Commons Text	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Text	Medium
Product	pom	artifactid	commons-text	Highest
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	kinow@apache.org	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	kinow	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Bruno P. Kinoshita	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Text	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-text	Medium
Version	file	version	1.13.0	High
Version	Manifest	Bundle-Version	1.13.0	High
Version	Manifest	Implementation-Version	1.13.0	High
Version	pom	parent-version	1.13.0	Low
Version	pom	version	1.13.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-text@1.13.0 (Confidence:High)
cpe:2.3:a:apache:commons_text:1.13.0:*:*:*:*:*:*:* (Confidence:Highest)

jackson-annotations-2.18.2.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.18.2/jackson-annotations-2.18.2.jar
MD5: 79d38d3c51068a2bbc40268d02f80763
SHA1: 985d77751ebc7fce5db115a986bc9aa82f973f4a
SHA256:581bd61000ef7648943f781ca05689e56d03f6052748365a8e2b3a9b5d3fa32f
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework/bw-util-logging@6.0.0
pkg:maven/org.bedework/bw-util-logging@6.0.0
pkg:maven/org.bedework/bw-util-logging@6.0.0
pkg:maven/org.bedework/bw-util-logging@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-annotations	Highest
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-annotations	High
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-annotations	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-annotations	High
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.18.2	High
Version	Manifest	Bundle-Version	2.18.2	High
Version	Manifest	Implementation-Version	2.18.2	High
Version	pom	parent-version	2.18.2	Low
Version	pom	version	2.18.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.18.2 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:*:*:*:*:*:*:* (Confidence:Low)

jakarta.annotation-api-3.0.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: https://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.apache.openjpa/openjpa@4.1.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.annotation-api	High
Vendor	jar	package name	annotation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	build-jdk-spec	18	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Vendor	Manifest	extension-name	jakarta.annotation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.annotation-api	Highest
Vendor	pom	artifactid	jakarta.annotation-api	Low
Vendor	pom	developer name	Dmitry Kornilov	Medium
Vendor	pom	developer name	Linda De Michiel	Medium
Vendor	pom	developer org	Oracle Corp.	Medium
Vendor	pom	groupid	jakarta.annotation	Highest
Vendor	pom	name	Jakarta Annotations API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Highest
Product	file	name	jakarta.annotation-api	High
Product	jar	package name	annotation	Highest
Product	jar	package name	jakarta	Highest
Product	Manifest	build-jdk-spec	18	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Annotations API	Medium
Product	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Product	Manifest	extension-name	jakarta.annotation	Medium
Product	pom	artifactid	jakarta.annotation-api	Highest
Product	pom	developer name	Dmitry Kornilov	Low
Product	pom	developer name	Linda De Michiel	Low
Product	pom	developer org	Oracle Corp.	Low
Product	pom	groupid	jakarta.annotation	Highest
Product	pom	name	Jakarta Annotations API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Medium
Version	file	version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	parent-version	3.0.0	Low
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:projects:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.jms-api-3.1.0.jar

Description:

        Jakarta Messaging describes a means for Java applications to create, send, 
        and receive messages via loosely coupled, reliable asynchronous communication services.

License:

Eclipse Public License 2.0: https://projects.eclipse.org/license/epl-2.0
GNU General Public License, version 2 with the GNU Classpath Exception: https://projects.eclipse.org/license/secondary-gpl-2.0-cp

File Path: /home/runner/.m2/repository/jakarta/jms/jakarta.jms-api/3.1.0/jakarta.jms-api-3.1.0.jar
MD5: 68b9809056047472375bf10441b2a26f
SHA1: e194cf91a3f908e4846542849ac11a8e0b3c68ad
SHA256:6605e08075ab389c359451c7854808cf4b1575e1ea6317e534e9d4df088096df
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.apache.openjpa/openjpa@4.1.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.jms-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	jms	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.jms-api	Medium
Vendor	Manifest	extension-name	jakarta.jms	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse.ee4j.jms	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.jms-api	Highest
Vendor	pom	artifactid	jakarta.jms-api	Low
Vendor	pom	groupid	jakarta.jms	Highest
Vendor	pom	name	Jakarta Messaging API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.jms	Highest
Product	file	name	jakarta.jms-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	jms	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Messaging API	Medium
Product	Manifest	bundle-symbolicname	jakarta.jms-api	Medium
Product	Manifest	extension-name	jakarta.jms	Medium
Product	pom	artifactid	jakarta.jms-api	Highest
Product	pom	groupid	jakarta.jms	Highest
Product	pom	name	Jakarta Messaging API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.jms	Medium
Version	file	version	3.1.0	High
Version	Manifest	Bundle-Version	3.1.0	High
Version	Manifest	Implementation-Version	3.1.0	High
Version	pom	parent-version	3.1.0	Low
Version	pom	version	3.1.0	Highest

Identifiers

pkg:maven/jakarta.jms/jakarta.jms-api@3.1.0 (Confidence:High)

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Projects/Scopes:

Bedework: database orm independent modules:compile
Bedework: database hibernate modules:compile
Bedework: openjpa utility:compile
Bedework: jpa utility:compile

pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.persistence-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	persistence	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Vendor	Manifest	extension-name	jakarta.persistence	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.persistence-api	Highest
Vendor	pom	artifactid	jakarta.persistence-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.persistence	Highest
Vendor	pom	name	Jakarta Persistence API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	eclipse-ee4j/jpa-api	Highest
Product	file	name	jakarta.persistence-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	persistence	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Persistence API jar	Medium
Product	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Product	Manifest	extension-name	jakarta.persistence	Medium
Product	pom	artifactid	jakarta.persistence-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.persistence	Highest
Product	pom	name	Jakarta Persistence API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j/jpa-api	High
Version	file	version	3.1.0	High
Version	Manifest	Bundle-Version	3.1.0	High
Version	Manifest	Implementation-Version	3.1.0	High
Version	pom	parent-version	3.1.0	Low
Version	pom	version	3.1.0	Highest

Identifiers

pkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 (Confidence:High)

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/runner/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.apache.openjpa/openjpa@4.1.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.transaction-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	transaction	Highest
Vendor	Manifest	automatic-module-name	jakarta.transaction	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Vendor	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Vendor	Manifest	extension-name	jakarta.transaction	Medium
Vendor	Manifest	Implementation-Vendor	EE4J Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	jakarta.transaction-api	Highest
Vendor	pom	artifactid	jakarta.transaction-api	Low
Vendor	pom	developer id	stephen_felts	Medium
Vendor	pom	developer name	Stephen Felts	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.transaction	Highest
Vendor	pom	name	API	High
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	EE4J Community	High
Vendor	pom	organization url	eclipse-ee4j	Medium
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Highest
Product	file	name	jakarta.transaction-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	transaction	Highest
Product	Manifest	automatic-module-name	jakarta.transaction	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Product	Manifest	Bundle-Name	jakarta.transaction API	Medium
Product	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Product	Manifest	extension-name	jakarta.transaction	Medium
Product	pom	artifactid	jakarta.transaction-api	Highest
Product	pom	developer id	stephen_felts	Low
Product	pom	developer name	Stephen Felts	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.transaction	Highest
Product	pom	name	API	High
Product	pom	name	${extension.name} API	High
Product	pom	organization name	EE4J Community	Low
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	eclipse-ee4j	High
Product	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Medium
Version	file	version	2.0.1	High
Version	Manifest	Bundle-Version	2.0.1	High
Version	Manifest	Implementation-Version	2.0.1	High
Version	pom	parent-version	2.0.1	Low
Version	pom	version	2.0.1	Highest

Identifiers

pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 (Confidence:High)
cpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:* (Confidence:Low)

openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-kernel:4.1.1)

Description:

OpenJPA Kernel

File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-kernel/pom.xml
MD5: f2a4f67cd10646806f86393a00d77445
SHA1: 3330e7f86f34e9df130322312a1e9cbf3af91c59
SHA256:5fe9360ba0c918f3662d3db51693bf950082afaf32ff6ec99f3d402b51a88414
Referenced In Project/Scope: Bedework: openjpa utility:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	openjpa-kernel	Low
Vendor	pom	groupid	org.apache.openjpa	Highest
Vendor	pom	name	OpenJPA Kernel	High
Vendor	pom	parent-artifactid	openjpa-parent	Low
Product	pom	artifactid	openjpa-kernel	Highest
Product	pom	groupid	org.apache.openjpa	Highest
Product	pom	name	OpenJPA Kernel	High
Product	pom	parent-artifactid	openjpa-parent	Medium
Version	pom	version	4.1.1	Highest

Related Dependencies

openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-jdbc:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-jdbc/pom.xml
- MD5: 041f663fc5ff88c3f9ca91426df21d36
- SHA1: 738fd1ef2dcf8c072de5466e8f85d78749502dd1
- SHA256: 41bab5d01042a92dac9840cbcccc7c8bfd2c76446540f46e92d5442a9e91b60c
- pkg:maven/org.apache.openjpa/openjpa-jdbc@4.1.1
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-lib:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-lib/pom.xml
- MD5: ffd952211c338a3a94ce605f42ff229b
- SHA1: 683285463ea6f3f88c23be0dd5b376007fbbf3c5
- SHA256: c0c6acba60bb9ab06e38f929d4facf199e88e070667d7545e38b8581fca9813f
- pkg:maven/org.apache.openjpa/openjpa-lib@4.1.1
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-persistence-jdbc:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-persistence-jdbc/pom.xml
- MD5: 0c968ddf18bf20f4b656694880c978dc
- SHA1: fb543e4b7b280d065129dc381bb541977634af69
- SHA256: 23e4ffea5b999b72f28a7c34493bcf196a02d5b466c120cb04934b8478357764
- pkg:maven/org.apache.openjpa/openjpa-persistence-jdbc@4.1.1
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-persistence:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-persistence/pom.xml
- MD5: 69122c501ab1703efbf9aec84ac73e93
- SHA1: 7528c6aec4fc781a410f2668719e1400b724a5b3
- SHA256: b88e70889b93919ea808e13eb80b6cbebfaf52cc4c02a96288cd3841f440386f
- pkg:maven/org.apache.openjpa/openjpa-persistence@4.1.1
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-slice:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-slice/pom.xml
- MD5: d0343134672862eeadd6b21d708173bb
- SHA1: 870d01d59f1d662aa15b349dbbfdb603bed53f1d
- SHA256: c55424246cdfaa52a377c85efc06a2a16bf8b1cd4b1bd85e0f6af8c0ae357266
- pkg:maven/org.apache.openjpa/openjpa-slice@4.1.1
openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-xmlstore:4.1.1)
- File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar/META-INF/maven/org.apache.openjpa/openjpa-xmlstore/pom.xml
- MD5: 44797532990b755e387d864a4b4f8ce8
- SHA1: 9aaa883e82829e9484e73f006b4c3f104a3f48fd
- SHA256: 45d9f4c24a80182f0f2d7038f955c509f9af87e1e815e3343d7f7d7658b35949
- pkg:maven/org.apache.openjpa/openjpa-xmlstore@4.1.1

Identifiers

pkg:maven/org.apache.openjpa/openjpa-kernel@4.1.1 (Confidence:High)
cpe:2.3:a:apache:openjpa:4.1.1:*:*:*:*:*:*:* (Confidence:Highest)

openjpa-4.1.1.jar

Description:

Apache OpenJPA implementation of Jakarta JPA 3.1

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/openjpa/openjpa/4.1.1/openjpa-4.1.1.jar
MD5: 156d456ada7011b67c82adbaa094a68d
SHA1: 29a4cc3a375a6eb11caa1c27babf7f28c45aa3e2
SHA256:d72e339d46a43cdcc80bbb332174f0d6ef4a3c03fede7b2fb3d64dd9027b21ea
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	openjpa	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	openjpa	Highest
Vendor	Manifest	automatic-module-name	org.apache.openjpa	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	http://openjpa.apache.org/openjpa	Low
Vendor	Manifest	bundle-symbolicname	org.apache.openjpa	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	Manifest	can-retransform-classes	true	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	openjpa	Highest
Vendor	pom	artifactid	openjpa	Low
Vendor	pom	groupid	org.apache.openjpa	Highest
Vendor	pom	name	OpenJPA Aggregate Jar	High
Vendor	pom	parent-artifactid	openjpa-parent	Low
Product	file	name	openjpa	High
Product	jar	package name	apache	Highest
Product	jar	package name	openjpa	Highest
Product	jar	package name	persistence	Highest
Product	Manifest	automatic-module-name	org.apache.openjpa	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	http://openjpa.apache.org/openjpa	Low
Product	Manifest	Bundle-Name	OpenJPA Aggregate Jar	Medium
Product	Manifest	bundle-symbolicname	org.apache.openjpa	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	Manifest	can-retransform-classes	true	Low
Product	Manifest	Implementation-Title	OpenJPA Aggregate Jar	High
Product	Manifest	specification-title	Jakarta Persistence	Medium
Product	pom	artifactid	openjpa	Highest
Product	pom	groupid	org.apache.openjpa	Highest
Product	pom	name	OpenJPA Aggregate Jar	High
Product	pom	parent-artifactid	openjpa-parent	Medium
Version	file	version	4.1.1	High
Version	Manifest	Bundle-Version	4.1.1	High
Version	Manifest	Implementation-Version	4.1.1	High
Version	pom	version	4.1.1	Highest

Identifiers

pkg:maven/org.apache.openjpa/openjpa@4.1.1 (Confidence:High)
cpe:2.3:a:apache:openjpa:4.1.1:*:*:*:*:*:*:* (Confidence:Highest)

org.bedework.database:bw-db:6.1.0-SNAPSHOT

Description:

This project provides a number of database utility classes and methods

License:

Apache License Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/work/bw-database/bw-database/bw-db/pom.xml

Referenced In Projects/Scopes:

Bedework: database hibernate modules
Bedework: jpa utility
Bedework: openjpa utility

pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	pom	High
Vendor	project	artifactid	bw-db	Low
Vendor	project	groupid	org.bedework.database	Highest
Product	file	name	pom	High
Product	project	artifactid	bw-db	Highest
Product	project	groupid	org.bedework.database	Low

Identifiers

pkg:maven/org.bedework.database/bw-db@6.1.0-SNAPSHOT (Confidence:Highest)

org.bedework.database:bw-jpa:6.1.0-SNAPSHOT

Description:

jpa utility classes

License:

Apache License Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/work/bw-database/bw-database/bw-jpa/pom.xml

Referenced In Projects/Scopes:

Bedework: database hibernate modules
Bedework: openjpa utility

pkg:maven/org.bedework.database/bw-openjpa@6.1.0-SNAPSHOT
pkg:maven/org.bedework.database/bw-hibernate@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	pom	High
Vendor	project	artifactid	bw-jpa	Low
Vendor	project	groupid	org.bedework.database	Highest
Product	file	name	pom	High
Product	project	artifactid	bw-jpa	Highest
Product	project	groupid	org.bedework.database	Low

Identifiers

pkg:maven/org.bedework.database/bw-jpa@6.1.0-SNAPSHOT (Confidence:Highest)

xbean-asm9-shaded-4.20.jar

Description:

Repackaged and shaded asm jars

License:

http://asm.ow2.org/license.html
http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/xbean/xbean-asm9-shaded/4.20/xbean-asm9-shaded-4.20.jar
MD5: e5e46dfa7753743138e247e5796647a5
SHA1: 17f4dc86c438d1f4775eda3cf656f0040ea451e7
SHA256:2af1dd4d9e801aa65f960a1dc43376bcd408da4e244600aa6da18bcf8b904190
Referenced In Project/Scope: Bedework: openjpa utility:compile
pkg:maven/org.apache.openjpa/openjpa@4.1.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xbean-asm9-shaded	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	asm9	Highest
Vendor	jar	package name	xbean	Highest
Vendor	Manifest	automatic-module-name	org.apache.xbean.asm9.shaded	Medium
Vendor	Manifest	bundle-docurl	http://geronimo.apache.org/maven/xbean/4.20/xbean-asm9-shaded	Low
Vendor	Manifest	bundle-symbolicname	org.apache.xbean.asm9-shaded	Medium
Vendor	pom	artifactid	xbean-asm9-shaded	Highest
Vendor	pom	artifactid	xbean-asm9-shaded	Low
Vendor	pom	groupid	org.apache.xbean	Highest
Vendor	pom	name	Apache XBean :: ASM shaded (repackaged)	High
Vendor	pom	parent-artifactid	xbean	Low
Product	file	name	xbean-asm9-shaded	High
Product	jar	package name	apache	Highest
Product	jar	package name	asm9	Highest
Product	jar	package name	xbean	Highest
Product	Manifest	automatic-module-name	org.apache.xbean.asm9.shaded	Medium
Product	Manifest	bundle-docurl	http://geronimo.apache.org/maven/xbean/4.20/xbean-asm9-shaded	Low
Product	Manifest	Bundle-Name	Apache XBean :: ASM shaded (repackaged)	Medium
Product	Manifest	bundle-symbolicname	org.apache.xbean.asm9-shaded	Medium
Product	Manifest	Implementation-Title	Apache XBean :: ASM shaded (repackaged)	High
Product	pom	artifactid	xbean-asm9-shaded	Highest
Product	pom	groupid	org.apache.xbean	Highest
Product	pom	name	Apache XBean :: ASM shaded (repackaged)	High
Product	pom	parent-artifactid	xbean	Medium
Version	file	version	4.20	High
Version	Manifest	Implementation-Version	4.20	High
Version	pom	version	4.20	Highest

Identifiers

pkg:maven/org.apache.xbean/xbean-asm9-shaded@4.20 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: Bedework: database specific modules

org.bedework.database:bw-database:6.1.0-SNAPSHOT

Summary

Dependencies (vulnerable)

bw-base-2.0.0.jar

Evidence

Identifiers

bw-util-config-6.0.0.jar

Evidence

Identifiers

bw-util-jmx-6.0.0.jar

Evidence

Identifiers

bw-util-logging-6.0.0.jar

Evidence

Identifiers

bw-util-misc-6.0.0.jar

Evidence

Identifiers

bw-util-xml-6.0.0.jar

Evidence

Identifiers

commons-lang3-3.17.0.jar

Evidence

Identifiers

Published Vulnerabilities

commons-pool2-2.9.0.jar

Evidence

Identifiers

commons-text-1.13.0.jar

Evidence

Identifiers

jackson-annotations-2.18.2.jar

Evidence

Identifiers

jakarta.annotation-api-3.0.0.jar

Evidence

Identifiers

jakarta.jms-api-3.1.0.jar

Evidence

Identifiers

jakarta.persistence-api-3.1.0.jar

Evidence

Identifiers

jakarta.transaction-api-2.0.1.jar

Evidence

Identifiers

openjpa-4.1.1.jar (shaded: org.apache.openjpa:openjpa-kernel:4.1.1)

Evidence

Related Dependencies

Identifiers

openjpa-4.1.1.jar

Evidence

Identifiers

org.bedework.database:bw-db:6.1.0-SNAPSHOT

Evidence

Identifiers

org.bedework.database:bw-jpa:6.1.0-SNAPSHOT

Evidence

Identifiers

xbean-asm9-shaded-4.20.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor