Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.1.3
Report Generated On: Mon, 4 Aug 2025 03:45:39 GMT
Dependencies Scanned: 18 (17 unique)
Vulnerable Dependencies: 1
Vulnerabilities Found: 1
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2025-08-04T03:45:26Z
NVD API Last Modified: 2025-08-04T02:15:27Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
bw-access-6.0.0.jar		pkg:maven/org.bedework/bw-access@6.0.0		0		42
bw-base-2.0.0.jar		pkg:maven/org.bedework/bw-base@2.0.0		0		42
bw-util-caching-6.0.0.jar		pkg:maven/org.bedework/bw-util-caching@6.0.0		0		44
bw-util-config-6.0.0.jar		pkg:maven/org.bedework/bw-util-config@6.0.0		0		44
bw-util-jmx-6.0.0.jar		pkg:maven/org.bedework/bw-util-jmx@6.0.0		0		44
bw-util-logging-6.0.0.jar		pkg:maven/org.bedework/bw-util-logging@6.0.0		0		44
bw-util-misc-6.0.0.jar	cpe:2.3:a:utils_project:utils:6.0.0:::::::*	pkg:maven/org.bedework/bw-util-misc@6.0.0		0	Low	44
bw-util-servlet-6.0.0.jar		pkg:maven/org.bedework/bw-util-servlet@6.0.0		0		44
bw-util-xml-6.0.0.jar		pkg:maven/org.bedework/bw-util-xml@6.0.0		0		44
commons-lang3-3.17.0.jar	cpe:2.3:a:apache:commons_lang:3.17.0:::::::*	pkg:maven/org.apache.commons/commons-lang3@3.17.0	MEDIUM	1	Highest	145
commons-text-1.13.0.jar	cpe:2.3:a:apache:commons_text:1.13.0:::::::*	pkg:maven/org.apache.commons/commons-text@1.13.0		0	Highest	73
jackson-core-2.18.2.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.2		0	Low	47
jackson-databind-2.18.2.jar	cpe:2.3:a:fasterxml:jackson-databind:2.18.2:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.2		0	Highest	41
jakarta.activation-api-2.1.3.jar		pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3		0		45
jakarta.xml.bind-api-4.0.2.jar		pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2		0		31
jakarta.xml.soap-api-3.0.2.jar		pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@3.0.2		0		42
jakarta.xml.ws-api-4.0.2.jar	cpe:2.3:a:web_project:web:4.0.2:::::::*	pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@4.0.2		0	Low	59

Dependencies (vulnerable)

bw-access-6.0.0.jar

Description:

This project provides access control as defined by WebDAV and CalDAV

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-access/6.0.0/bw-access-6.0.0.jar
MD5: 497dcebda26b38054945121c243e4b8f
SHA1: 5689f702c91eddb5b6fe62255775d283212f1821
SHA256:1f99c757955d4b585a2acd3193ef54212ff5b2cec0459f7b8ec43a15e3adddc8
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-access	High
Vendor	jar	package name	access	Highest
Vendor	jar	package name	bedework	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-access	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-access	Highest
Vendor	pom	artifactid	bw-access	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: DAV access control support	High
Vendor	pom	url	Bedework/bw-access	Highest
Product	file	name	bw-access	High
Product	jar	package name	access	Highest
Product	jar	package name	bedework	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: DAV access control support	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-access	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: DAV access control support	Medium
Product	pom	artifactid	bw-access	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: DAV access control support	High
Product	pom	url	Bedework/bw-access	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-access@6.0.0 (Confidence:High)

bw-base-2.0.0.jar

Description:

This project provides base classes, types and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-base/2.0.0/bw-base-2.0.0.jar
MD5: 0480624145ad4fc5daeba898b7132099
SHA1: b24b7279e0475bb3c8c84e37af400ad87877c955
SHA256:10d27642e3bf1f2f4f85320293b5041b7e34cba02cc2656f29e79f75cee97cc5
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-base	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	bedework	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-base	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-base	Highest
Vendor	pom	artifactid	bw-base	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: base classes	High
Vendor	pom	url	Bedework/bw-base	Highest
Product	file	name	bw-base	High
Product	jar	package name	base	Highest
Product	jar	package name	bedework	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: base classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-base	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: base classes	Medium
Product	pom	artifactid	bw-base	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: base classes	High
Product	pom	url	Bedework/bw-base	High
Version	file	version	2.0.0	High
Version	Manifest	Implementation-Version	2.0.0	High
Version	pom	version	2.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-base@2.0.0 (Confidence:High)

bw-util-caching-6.0.0.jar

Description:

This project provides a number of utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-caching/6.0.0/bw-util-caching-6.0.0.jar
MD5: 44bc8428b5ae09dcd7b595cae4a97d8c
SHA1: b7dcd007403e6ab183abf3deeccf9965d9a45012
SHA256:2e13d843d2d80ec209937c153fc1995ad5ee47b51bd5b9565153c753ddb589f5
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-access@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-caching	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	caching	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-caching	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-caching	Highest
Vendor	pom	artifactid	bw-util-caching	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: util to handle caching	High
Vendor	pom	url	Bedework/bw-util/bw-util-caching	Highest
Product	file	name	bw-util-caching	High
Product	jar	package name	bedework	Highest
Product	jar	package name	caching	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: util to handle caching	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-caching	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: util to handle caching	Medium
Product	pom	artifactid	bw-util-caching	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: util to handle caching	High
Product	pom	url	Bedework/bw-util/bw-util-caching	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-caching@6.0.0 (Confidence:High)

bw-util-config-6.0.0.jar

Description:

This project provides a number of utility configuration classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-config/6.0.0/bw-util-config-6.0.0.jar
MD5: 974d4ee4953df439fc3753869cc469da
SHA1: c1f787f23f0c5028280a457d0709418ea332fe09
SHA256:97ee0ce50094f85f881d63fb423dfb7ae1973843ac6028f0488860394553aa60
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-servlet@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-config	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	config	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-config	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-config	Highest
Vendor	pom	artifactid	bw-util-config	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: base configuration classes	High
Vendor	pom	url	Bedework/bw-util-conf/bw-util-config	Highest
Product	file	name	bw-util-config	High
Product	jar	package name	bedework	Highest
Product	jar	package name	config	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: base configuration classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-config	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: base configuration classes	Medium
Product	pom	artifactid	bw-util-config	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: base configuration classes	High
Product	pom	url	Bedework/bw-util-conf/bw-util-config	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-config@6.0.0 (Confidence:High)

bw-util-jmx-6.0.0.jar

Description:

This project provides a number of utility configuration classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-jmx/6.0.0/bw-util-jmx-6.0.0.jar
MD5: e7ffae94c51d5c62aa657c7f321607b5
SHA1: cbfbb6e89fa5adac492adcc48866cfec62cc932d
SHA256:60b3d4ce24901fc1ab0b741be3413efaffb263f99f368062618478c67e7fd3b9
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-servlet@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-jmx	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	jmx	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-jmx	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-jmx	Highest
Vendor	pom	artifactid	bw-util-jmx	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: JMX config classes	High
Vendor	pom	url	Bedework/bw-util-conf/bw-util-jmx	Highest
Product	file	name	bw-util-jmx	High
Product	jar	package name	bedework	Highest
Product	jar	package name	jmx	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: JMX config classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-conf/bw-util-jmx	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: JMX config classes	Medium
Product	pom	artifactid	bw-util-jmx	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: JMX config classes	High
Product	pom	url	Bedework/bw-util-conf/bw-util-jmx	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-jmx@6.0.0 (Confidence:High)

bw-util-logging-6.0.0.jar

Description:

This project provides logging utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-logging/6.0.0/bw-util-logging-6.0.0.jar
MD5: 2c63b9031e2d0852a00e57753320b409
SHA1: a12c15e6670f1298c8c4779d08b24595e921aceb
SHA256:e26bbaf5a5dcad998990fdc647f448b2e2dcac6eb628be6945fe24d53759b745
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-logging	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-logging	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-logging	Highest
Vendor	pom	artifactid	bw-util-logging	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: logging classes	High
Vendor	pom	url	Bedework/bw-util-logging	Highest
Product	file	name	bw-util-logging	High
Product	jar	package name	bedework	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: logging classes	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-logging	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: logging classes	Medium
Product	pom	artifactid	bw-util-logging	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: logging classes	High
Product	pom	url	Bedework/bw-util-logging	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-logging@6.0.0 (Confidence:High)

bw-util-misc-6.0.0.jar

Description:

This project provides a number of utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-misc/6.0.0/bw-util-misc-6.0.0.jar
MD5: a54be794abde392b2c1f7fb2935ad372
SHA1: ca14c1131c38ac51caa478cb4ea5df738fc6f106
SHA256:a2243c42722fcaa848e6f0fca44634c0c5685e57bb0c2a2d2f394bf9543bd5ae
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-misc	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	misc	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-misc	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-misc	Highest
Vendor	pom	artifactid	bw-util-misc	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: misc utils	High
Vendor	pom	url	Bedework/bw-util/bw-util-misc	Highest
Product	file	name	bw-util-misc	High
Product	jar	package name	bedework	Highest
Product	jar	package name	misc	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: misc utils	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-misc	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: misc utils	Medium
Product	pom	artifactid	bw-util-misc	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: misc utils	High
Product	pom	url	Bedework/bw-util/bw-util-misc	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-misc@6.0.0 (Confidence:High)
cpe:2.3:a:utils_project:utils:6.0.0:*:*:*:*:*:*:* (Confidence:Low)

bw-util-servlet-6.0.0.jar

Description:

Network (http, DAV,servlet etc) related utilities

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-servlet/6.0.0/bw-util-servlet-6.0.0.jar
MD5: e5a0f2c1dd1773dc9b7947d5e3511b2a
SHA1: 73ea43b83be937e3bdb6612420bd2ff7c6382d57
SHA256:aa4ebbe3ffbbdc8ce2be7fd5bd130c47e607a3000bec2f496f9d2bd30cc7b874
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-servlet	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	servlet	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util-network/bw-util-servlet	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-servlet	Highest
Vendor	pom	artifactid	bw-util-servlet	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: network util - servlet support	High
Vendor	pom	url	Bedework/bw-util-network/bw-util-servlet	Highest
Product	file	name	bw-util-servlet	High
Product	jar	package name	bedework	Highest
Product	jar	package name	servlet	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: network util - servlet support	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util-network/bw-util-servlet	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: network util - servlet support	Medium
Product	pom	artifactid	bw-util-servlet	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: network util - servlet support	High
Product	pom	url	Bedework/bw-util-network/bw-util-servlet	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-servlet@6.0.0 (Confidence:High)

bw-util-xml-6.0.0.jar

Description:

This project provides a number of utility classes and methods

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/bedework/bw-util-xml/6.0.0/bw-util-xml-6.0.0.jar
MD5: 9511e1c44083306be4587dcacaea03a0
SHA1: a5486ab6b6da48523d7fc224662a3ddbbb26b090
SHA256:cd96fdeb127ccdf57f7ce99c63b27933b407b7b64cc4f723b79342c47908658a
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bw-util-xml	High
Vendor	jar	package name	bedework	Highest
Vendor	jar	package name	util	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-xml	Low
Vendor	Manifest	Implementation-Vendor	Bedework	High
Vendor	Manifest	os-arch	x86_64	Low
Vendor	Manifest	os-name	Mac OS X	Medium
Vendor	Manifest	specification-vendor	Bedework	Low
Vendor	pom	artifactid	bw-util-xml	Highest
Vendor	pom	artifactid	bw-util-xml	Low
Vendor	pom	developer name	Arlen Johnson	Medium
Vendor	pom	developer name	Mike Douglass	Medium
Vendor	pom	developer org	Bedework Commercial Services	Medium
Vendor	pom	developer org	Spherical Cow Group	Medium
Vendor	pom	developer org URL	http://sphericalcowgroup.com/	Medium
Vendor	pom	developer org URL	https://bedework.com/	Medium
Vendor	pom	groupid	org.bedework	Highest
Vendor	pom	name	Bedework: util to handle xml	High
Vendor	pom	url	Bedework/bw-util/bw-util-xml	Highest
Product	file	name	bw-util-xml	High
Product	jar	package name	bedework	Highest
Product	jar	package name	util	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Bedework: util to handle xml	High
Product	Manifest	implementation-url	https://github.com/Bedework/bw-util/bw-util-xml	Low
Product	Manifest	os-arch	x86_64	Low
Product	Manifest	os-name	Mac OS X	Medium
Product	Manifest	specification-title	Bedework: util to handle xml	Medium
Product	pom	artifactid	bw-util-xml	Highest
Product	pom	developer name	Arlen Johnson	Low
Product	pom	developer name	Mike Douglass	Low
Product	pom	developer org	Bedework Commercial Services	Low
Product	pom	developer org	Spherical Cow Group	Low
Product	pom	developer org URL	http://sphericalcowgroup.com/	Low
Product	pom	developer org URL	https://bedework.com/	Low
Product	pom	groupid	org.bedework	Highest
Product	pom	name	Bedework: util to handle xml	High
Product	pom	url	Bedework/bw-util/bw-util-xml	High
Version	file	version	6.0.0	High
Version	Manifest	Implementation-Version	6.0.0	High
Version	pom	version	6.0.0	Highest

Identifiers

pkg:maven/org.bedework/bw-util-xml@6.0.0 (Confidence:High)

commons-lang3-3.17.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-misc@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Highest
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.17.0	High
Version	Manifest	Bundle-Version	3.17.0	High
Version	Manifest	Implementation-Version	3.17.0	High
Version	pom	parent-version	3.17.0	Low
Version	pom	version	3.17.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.17.0 (Confidence:High)
cpe:2.3:a:apache:commons_lang:3.17.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CWE-674 Uncontrolled Recursion

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

OSSINDEX - [CVE-2025-48924] CWE-674: Uncontrolled Recursion
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
OSSIndex - https://github.com/advisories/GHSA-j288-q9x7-2f5v
security@apache.org - MAILING_LIST,VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

commons-text-1.13.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.13.0/commons-text-1.13.0.jar
MD5: 4b4766452c04316e3ef6ffe3490d6b10
SHA1: ba2ed5521c491cabf7ecdb57f77922561c2e8958
SHA256:1e323a501127df78ed0987f345d69d65d0ea7fa3d4fb5b3f84aaeba3a8b20f38
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-misc@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-text	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	text	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.text	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.text	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-text	Highest
Vendor	pom	artifactid	commons-text	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	kinow@apache.org	Low
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	kinow	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Bruno P. Kinoshita	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Text	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-text	Highest
Product	file	name	commons-text	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	text	Highest
Product	Manifest	automatic-module-name	org.apache.commons.text	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Product	Manifest	Bundle-Name	Apache Commons Text	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.text	Medium
Product	Manifest	Implementation-Title	Apache Commons Text	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Text	Medium
Product	pom	artifactid	commons-text	Highest
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	kinow@apache.org	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	kinow	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Bruno P. Kinoshita	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Text	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-text	Medium
Version	file	version	1.13.0	High
Version	Manifest	Bundle-Version	1.13.0	High
Version	Manifest	Implementation-Version	1.13.0	High
Version	pom	parent-version	1.13.0	Low
Version	pom	version	1.13.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-text@1.13.0 (Confidence:High)
cpe:2.3:a:apache:commons_text:1.13.0:*:*:*:*:*:*:* (Confidence:Highest)

jackson-core-2.18.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.18.2/jackson-core-2.18.2.jar
MD5: bf935e6eca3a57defa13918661905cb0
SHA1: fb64ccac5c27dca8819418eb4e443a9f496d9ee7
SHA256:d8054ae7c0d1c2d2f55d28e46026ebe5892881f3fab5f439233184381c3b4a1f
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-servlet@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-core	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-core	Highest
Vendor	pom	artifactid	jackson-core	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson-core	Highest
Product	file	name	jackson-core	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	base	Highest
Product	jar	package name	com	Highest
Product	jar	package name	core	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	json	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	artifactid	jackson-core	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson-core	High
Version	file	version	2.18.2	High
Version	Manifest	Bundle-Version	2.18.2	High
Version	Manifest	Implementation-Version	2.18.2	High
Version	pom	version	2.18.2	Highest

Related Dependencies

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.2 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:*:*:*:*:*:*:* (Confidence:Low)

jackson-databind-2.18.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.18.2/jackson-databind-2.18.2.jar
MD5: 1b56887bcd3eaea1ff710eb673e610b0
SHA1: deef8697b92141fb6caf7aa86966cff4eec9b04f
SHA256:4b364e6850dc89172fcf1d4dd26b8ff5488eda44ff4657e22dd265203dd5ab3c
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-util-servlet@6.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	jar	package name	databind	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-databind	Highest
Vendor	pom	artifactid	jackson-databind	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-databind	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	databind	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	jackson-databind	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.18.2	High
Version	Manifest	Bundle-Version	2.18.2	High
Version	Manifest	Implementation-Version	2.18.2	High
Version	pom	version	2.18.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.2 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.18.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:*:*:*:*:*:*:* (Confidence:Low)

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@4.0.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.activation-api	High
Vendor	jar	package name	activation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	implementation-build-id	7f7d358	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.activation-api	Highest
Vendor	pom	artifactid	jakarta.activation-api	Low
Vendor	pom	developer email	bill.shannon@oracle.com	Low
Vendor	pom	developer id	shannon	Medium
Vendor	pom	developer name	Bill Shannon	Medium
Vendor	pom	developer org	Oracle	Medium
Vendor	pom	groupid	jakarta.activation	Highest
Vendor	pom	name	Jakarta Activation API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	jakartaee/jaf-api	Highest
Vendor	pom (hint)	developer org	sun	Medium
Product	file	name	jakarta.activation-api	High
Product	jar	package name	activation	Highest
Product	jar	package name	jakarta	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Activation API	Medium
Product	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	Manifest	implementation-build-id	7f7d358	Low
Product	Manifest	Implementation-Title	Jakarta Activation API	High
Product	Manifest	specification-title	Jakarta Activation Specification	Medium
Product	pom	artifactid	jakarta.activation-api	Highest
Product	pom	developer email	bill.shannon@oracle.com	Low
Product	pom	developer id	shannon	Low
Product	pom	developer name	Bill Shannon	Low
Product	pom	developer org	Oracle	Low
Product	pom	groupid	jakarta.activation	Highest
Product	pom	name	Jakarta Activation API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	jakartaee/jaf-api	High
Version	file	version	2.1.3	High
Version	Manifest	Bundle-Version	2.1.3	High
Version	pom	parent-version	2.1.3	Low
Version	pom	version	2.1.3	Highest

Identifiers

pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 (Confidence:High)

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@4.0.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.bind-api	High
Vendor	jar	package name	bind	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	Manifest	implementation-build-id	ca43d8b	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.bind-api	Highest
Vendor	pom	artifactid	jakarta.xml.bind-api	Low
Vendor	pom	groupid	jakarta.xml.bind	Highest
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	pom	parent-artifactid	jakarta.xml.bind-api-parent	Low
Product	file	name	jakarta.xml.bind-api	High
Product	jar	package name	bind	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	Manifest	implementation-build-id	ca43d8b	Low
Product	pom	artifactid	jakarta.xml.bind-api	Highest
Product	pom	groupid	jakarta.xml.bind	Highest
Product	pom	name	Jakarta XML Binding API	High
Product	pom	parent-artifactid	jakarta.xml.bind-api-parent	Medium
Version	file	version	4.0.2	High
Version	Manifest	Bundle-Version	4.0.2	High
Version	Manifest	Implementation-Version	4.0.2	High
Version	pom	version	4.0.2	Highest

Identifiers

pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 (Confidence:High)

jakarta.xml.soap-api-3.0.2.jar

Description:

Provides the API for creating and building SOAP messages.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/xml/soap/jakarta.xml.soap-api/3.0.2/jakarta.xml.soap-api-3.0.2.jar
MD5: b75eb22ffc46058b28d78874902dd2d3
SHA1: 0445830286faf84fe40a3f47ccd7537d69cd58c4
SHA256:62ecd5c3b5c107779e5ffe84922594c381f7a8e397320a05c3ee3957b5b7863f
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@4.0.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.soap-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	soap	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.soap-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.soap	Medium
Vendor	Manifest	implementation-build-id	03ea41a	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.soap-api	Highest
Vendor	pom	artifactid	jakarta.xml.soap-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.xml.soap	Highest
Vendor	pom	name	Jakarta SOAP with Attachments API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	jakartaee/saaj-api	Highest
Product	file	name	jakarta.xml.soap-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	soap	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta SOAP with Attachments API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.soap-api	Medium
Product	Manifest	extension-name	jakarta.xml.soap	Medium
Product	Manifest	implementation-build-id	03ea41a	Low
Product	pom	artifactid	jakarta.xml.soap-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.xml.soap	Highest
Product	pom	name	Jakarta SOAP with Attachments API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	jakartaee/saaj-api	High
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	Manifest	Implementation-Version	3.0.2	High
Version	pom	parent-version	3.0.2	Low
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@3.0.2 (Confidence:High)

jakarta.xml.ws-api-4.0.2.jar

Description:

Jakarta XML Web Services API

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/xml/ws/jakarta.xml.ws-api/4.0.2/jakarta.xml.ws-api-4.0.2.jar
MD5: 9a41e8d9a62fb837d2228d47684a57da
SHA1: 331ecab874ee75b48db661a331319958cb04edec
SHA256:ae500d776eeb64471cd3e3bdfcd6a9e7de6d8f866be6d7e9b2f9ca606d68c203
Referenced In Project/Scope: Bedework: A generic WebDAV servlet:compile
pkg:maven/org.bedework/bw-webdav@6.1.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.ws-api	High
Vendor	hint analyzer	vendor	web services	Medium
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	ws	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.ws-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.ws	Medium
Vendor	Manifest	implementation-build-id	4.0.2-RELEASE-a70d205	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.ws-api	Highest
Vendor	pom	artifactid	jakarta.xml.ws-api	Low
Vendor	pom	developer email	lukas.jungmann@oracle.com	Low
Vendor	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Vendor	pom	developer email	zheng.jun.li@oracle.com	Low
Vendor	pom	developer id	bravehorsie	Medium
Vendor	pom	developer id	zhengjl	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer name	Roman Grigoriadi	Medium
Vendor	pom	developer name	Zheng Jun Li	Medium
Vendor	pom	developer org	Oracle Corporation	Medium
Vendor	pom	groupid	jakarta.xml.ws	Highest
Vendor	pom	name	Jakarta XML Web Services API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	jakartaee/jax-ws-api	Highest
Product	file	name	jakarta.xml.ws-api	High
Product	hint analyzer	product	web services	Medium
Product	jar	package name	jakarta	Highest
Product	jar	package name	ws	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Web Services API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.ws-api	Medium
Product	Manifest	extension-name	jakarta.xml.ws	Medium
Product	Manifest	implementation-build-id	4.0.2-RELEASE-a70d205	Low
Product	pom	artifactid	jakarta.xml.ws-api	Highest
Product	pom	developer email	lukas.jungmann@oracle.com	Low
Product	pom	developer email	Roman.Grigoriadi@oracle.com	Low
Product	pom	developer email	zheng.jun.li@oracle.com	Low
Product	pom	developer id	bravehorsie	Low
Product	pom	developer id	zhengjl	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer name	Roman Grigoriadi	Low
Product	pom	developer name	Zheng Jun Li	Low
Product	pom	developer org	Oracle Corporation	Low
Product	pom	groupid	jakarta.xml.ws	Highest
Product	pom	name	Jakarta XML Web Services API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	jakartaee/jax-ws-api	High
Version	file	version	4.0.2	High
Version	Manifest	Bundle-Version	4.0.2	High
Version	Manifest	Implementation-Version	4.0.2	High
Version	pom	parent-version	4.0.2	Low
Version	pom	version	4.0.2	Highest

Identifiers

pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@4.0.2 (Confidence:High)
cpe:2.3:a:web_project:web:4.0.2:*:*:*:*:*:*:* (Confidence:Low)

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: Bedework: A generic WebDAV servlet

org.bedework:bw-webdav:6.1.0-SNAPSHOT

Summary

Dependencies (vulnerable)

bw-access-6.0.0.jar

Evidence

Identifiers

bw-base-2.0.0.jar

Evidence

Identifiers

bw-util-caching-6.0.0.jar

Evidence

Identifiers

bw-util-config-6.0.0.jar

Evidence

Identifiers

bw-util-jmx-6.0.0.jar

Evidence

Identifiers

bw-util-logging-6.0.0.jar

Evidence

Identifiers

bw-util-misc-6.0.0.jar

Evidence

Identifiers

bw-util-servlet-6.0.0.jar

Evidence

Identifiers

bw-util-xml-6.0.0.jar

Evidence

Identifiers

commons-lang3-3.17.0.jar

Evidence

Identifiers

Published Vulnerabilities

commons-text-1.13.0.jar

Evidence

Identifiers

jackson-core-2.18.2.jar

Evidence

Related Dependencies

Identifiers

jackson-databind-2.18.2.jar

Evidence

Identifiers

jakarta.activation-api-2.1.3.jar

Evidence

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Evidence

Identifiers

jakarta.xml.soap-api-3.0.2.jar

Evidence

Identifiers

jakarta.xml.ws-api-4.0.2.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor