Feature #7799

automated vulnerability scanning

Added by Greg Shah 8 months ago. Updated 12 days ago.

Status: WIP
Priority: Normal
Assignee:
Target version: -
Start date:
Due date:
% Done: 0%
billable: No
vendor_id: GCD

mvnrepository_snakeyaml_1.15_vunerabilities_20230913.png (15 KB) Greg Shah, 09/13/2023 03:45 PM

dependency-check-report.csv (140 KB) Tomasz Domin, 02/19/2024 07:07 AM


Related issues

Related to Runtime Infrastructure - Feature #6692: move FWD to Java 17 Internal Test

History

#1 Updated by Greg Shah 8 months ago

We plan to update all of our dependencies to the latest stable levels as part of work on #6692 (Java 17). That will clear a large number of security problems. But it doesn't solve the longer term issue that we need a process to keep these up to date.

I want to implement the best practice of routinely scanning for vulnerabilities and moving to new versions of code that avoid those vulnerabilities. There are commercial services that can help with this, but they are expensive.

There are also vulnerability reports available in Maven which we can probably use to implement our own checks.

For example, from https://mvnrepository.com/ you can search on "snakeyaml" and find this page:

https://mvnrepository.com/artifact/org.yaml/snakeyaml

If you scroll way down to the really old version we use (1.15) you will see this:

The data is public. If there is an open source tool to check this, I'd like to investigate using it. If not, perhaps we can build our own using the maven API and our list of dependencies.

#2 Updated by Greg Shah 8 months ago

#3 Updated by Tomasz Domin 2 months ago

I've implemented vulnerability checks in #6692 with org.owasp.dependencycheck plugin.
A sample report for FWD 6692a/14987 has been attached. By default only fwdAllRuntime configuration is checked.
It does not look bad, still waiting for JS libraries updates.

One or more dependencies were identified with known vulnerabilities in p2j_6692a:

bootstrap-3.3.7-dist.zip: bootstrap.js (pkg:javascript/bootstrap@3.3.7) : CVE-2016-10735, CVE-2018-14041, CVE-2018-14042, CVE-2018-20676, CVE-2018-20677, CVE-2019-8331, Bootstrap before 4.0.0 is end-of-life and no longer maintained.
bootstrap-3.3.7-dist.zip: bootstrap.min.js (pkg:javascript/bootstrap@3.3.7) : CVE-2016-10735, CVE-2018-14041, CVE-2018-14042, CVE-2018-20676, CVE-2018-20677, CVE-2019-8331, Bootstrap before 4.0.0 is end-of-life and no longer maintained.
codegen-2.2.3.jar (pkg:maven/org.eclipse.emf/codegen@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
codegen-ecore-2.2.3.jar (pkg:maven/org.eclipse.emf/codegen-ecore@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
common-2.2.3.jar (pkg:maven/org.eclipse.emf/common@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
commons-httpclient-3.1.jar (pkg:maven/commons-httpclient/commons-httpclient@3.1, cpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*) : CVE-2012-5783, CVE-2020-13956
dom4j-1.6.1.jar (pkg:maven/dom4j/dom4j@1.6.1, cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*) : CVE-2020-10683, CVE-2018-1000632
ecore-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
ecore-change-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore-change@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
ecore-xmi-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore-xmi@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
fwd-h2-1.40-trunk.jar (pkg:maven/com.goldencode/fwd-h2@1.40-trunk, cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*) : CVE-2021-42392, CVE-2022-23221, CVE-2021-23463, CVE-2022-45868
fwd-imageio-bmp-3.1.2.jar (pkg:maven/com.twelvemonkeys.imageio/fwd-imageio-bmp@3.1.2, cpe:2.3:a:twelvemonkeys_project:twelvemonkeys:3.1.2:*:*:*:*:*:*:*) : CVE-2021-23792
gremlin-shaded-3.7.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2, cpe:2.3:a:fasterxml:jackson-databind:2.15.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.2:*:*:*:*:*:*:*) : CVE-2023-35116
gwtbootstrap3-1.0.1.jar: bootstrap-3.4.1.min.cache.js (pkg:javascript/bootstrap@3.4.1.min.cache) : Bootstrap before 4.0.0 is end-of-life and no longer maintained.
gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js (pkg:javascript/jquery@1.12.4.min.cache) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
gwtbootstrap3-extras-1.0.2.jar: bootstrap-select-1.12.4.min.cache.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-eu.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-eu.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js (pkg:javascript/jquery-ui@1.11.2) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js (pkg:javascript/moment.js@2.9.0.min.cache) : CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, Regular Expression Denial of Service (ReDoS)
gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js (pkg:javascript/jquery@0.10.5.min.cache) : CVE-2012-6708, CVE-2020-7656, CVE-2011-4969, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
itext-2.1.7.jar (pkg:maven/com.lowagie/itext@2.1.7) : CVE-2017-9096
itextpdf-5.5.13.3.jar (pkg:maven/com.itextpdf/itextpdf@5.5.13.3, cpe:2.3:a:itextpdf:itext:5.5.13.3:*:*:*:*:*:*:*) : CVE-2022-24196, CVE-2022-24197
ivy-2.5.1.jar (pkg:maven/org.apache.ivy/ivy@2.5.1, cpe:2.3:a:apache:ant:2.5.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:ivy:2.5.1:*:*:*:*:*:*:*) : CVE-2022-46751
jquery-3.2.1.zip: jquery-3.2.1.js (pkg:javascript/jquery@3.2.1) : CVE-2019-11358, CVE-2020-11022, CVE-2020-11023
jquery-ui-1.12.1.custom.zip: jquery-ui.js (pkg:javascript/jquery-ui@1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
jquery-ui-1.12.1.custom.zip: jquery-ui.min.js (pkg:javascript/jquery-ui@1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
jquery-ui-1.12.1.custom.zip: jquery.js (pkg:javascript/jquery@1.12.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
log4j-1.2.17.jar (pkg:maven/log4j/log4j@1.2.17, cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*) : CVE-2019-17571, CVE-2020-9493, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307, CVE-2021-4104, CVE-2023-26464
quartz-2.3.2.jar (pkg:maven/org.quartz-scheduler/quartz@2.3.2, cpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*) : CVE-2023-39017
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
xercesImpl-2.12.2.jar (pkg:maven/xerces/xercesImpl@2.12.2, cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*) : CVE-2017-10355
xsd-2.2.3.jar (pkg:maven/org.eclipse.xsd/xsd@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218

#4 Updated by Tomasz Domin 12 days ago

A report for FWD 6692a/15172: there should be fewer vulnerabilities, but in the meantime new ones have been discovered, so components need to be upgraded again.

apache-mime4j-core-0.8.9.jar (pkg:maven/org.apache.james/apache-mime4j-core@0.8.9) : CVE-2024-21742
bcprov-jdk18on-1.77.jar (pkg:maven/org.bouncycastle/bcprov-jdk18on@1.77, cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.77:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.77:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.77:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.77:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.77:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.77:*:*:*:*:*:*:*) : CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
bootstrap-3.4.1.jar (pkg:javascript/bootstrap@3.4.1, pkg:maven/org.webjars/bootstrap@3.4.1) : Bootstrap before 4.0.0 is end-of-life and no longer maintained.
codegen-2.2.3.jar (pkg:maven/org.eclipse.emf/codegen@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
codegen-ecore-2.2.3.jar (pkg:maven/org.eclipse.emf/codegen-ecore@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
common-2.2.3.jar (pkg:maven/org.eclipse.emf/common@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
commons-configuration-1.10.jar (pkg:maven/commons-configuration/commons-configuration@1.10, cpe:2.3:a:apache:commons_configuration:1.10:*:*:*:*:*:*:*) : CVE-2024-29131, CVE-2024-29133
commons-configuration2-2.9.0.jar (pkg:maven/org.apache.commons/commons-configuration2@2.9.0, cpe:2.3:a:apache:commons_configuration:2.9.0:*:*:*:*:*:*:*) : CVE-2024-29131, CVE-2024-29133
commons-httpclient-3.1.jar (pkg:maven/commons-httpclient/commons-httpclient@3.1, cpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*) : CVE-2012-5783, CVE-2020-13956
ecore-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
ecore-change-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore-change@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
ecore-xmi-2.2.3.jar (pkg:maven/org.eclipse.emf/ecore-xmi@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
fwd-h2-1.45-trunk.jar (pkg:maven/com.goldencode/fwd-h2@1.45-trunk, cpe:2.3:a:h2database:h2:1.45:*:*:*:*:*:*:*) : CVE-2021-42392, CVE-2022-23221, CVE-2021-23463, CVE-2022-45868
gremlin-shaded-3.7.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2, cpe:2.3:a:fasterxml:jackson-databind:2.15.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.2:*:*:*:*:*:*:*) : CVE-2023-35116
gwtbootstrap3-1.0.1.jar: bootstrap-3.4.1.min.cache.js (pkg:javascript/bootstrap@3.4.1.min.cache) : Bootstrap before 4.0.0 is end-of-life and no longer maintained.
gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js (pkg:javascript/jquery@1.12.4.min.cache) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
gwtbootstrap3-extras-1.0.2.jar: bootstrap-select-1.12.4.min.cache.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-eu.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-eu.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js (pkg:javascript/jquery-ui@1.11.2) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js (pkg:javascript/moment.js@2.9.0.min.cache) : CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, Regular Expression Denial of Service (ReDoS)
gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js (pkg:javascript/jquery@0.10.5.min.cache) : CVE-2012-6708, CVE-2020-7656, CVE-2011-4969, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
itextpdf-5.5.6.jar (pkg:maven/com.itextpdf/itextpdf@5.5.6, cpe:2.3:a:itextpdf:itext:5.5.6:*:*:*:*:*:*:*) : CVE-2017-9096, CVE-2022-24196, CVE-2022-24197
ivy-2.5.1.jar (pkg:maven/org.apache.ivy/ivy@2.5.1, cpe:2.3:a:apache:ant:2.5.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:ivy:2.5.1:*:*:*:*:*:*:*) : CVE-2022-46751
jfreechart-1.0.19.jar (pkg:maven/org.jfree/jfreechart@1.0.19, cpe:2.3:a:time_project:time:1.0.19:*:*:*:*:*:*:*) : CVE-2023-52070, CVE-2024-22949, CVE-2024-23076
postgresql-42.7.1.jar (pkg:maven/org.postgresql/postgresql@42.7.1, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.1:*:*:*:*:*:*:*) : CVE-2024-1597
quartz-2.3.2.jar (pkg:maven/org.quartz-scheduler/quartz@2.3.2, cpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*) : CVE-2023-39017
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
xercesImpl-2.12.2.jar (pkg:maven/xerces/xercesImpl@2.12.2, cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*) : CVE-2017-10355
xsd-2.2.3.jar (pkg:maven/org.eclipse.xsd/xsd@2.2.3, cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*) : CVE-2023-4218
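
Added example (not part of the thread and not FWD or dependency-check code): a small Python script that parses summary lines in the `file (identifiers) : findings` layout quoted in notes #3 and #4, collapses per-file rows into one entry per package URL, and compares two reports. The function names and the result keys are assumptions made for this illustration; the sample lines are excerpts of the two summaries above.

```python
import re
from collections import defaultdict

# Lines excerpted from the two summaries quoted in notes #3 and #4 above.
REPORT_14987 = """\
dom4j-1.6.1.jar (pkg:maven/dom4j/dom4j@1.6.1, cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*) : CVE-2020-10683, CVE-2018-1000632
fwd-h2-1.40-trunk.jar (pkg:maven/com.goldencode/fwd-h2@1.40-trunk, cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*) : CVE-2021-42392, CVE-2022-23221, CVE-2021-23463, CVE-2022-45868
gwtbootstrap3-extras-1.0.2.jar: bootstrap-select-1.12.4.min.cache.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.min.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js (pkg:javascript/moment.js@2.9.0.min.cache) : CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, Regular Expression Denial of Service (ReDoS)
"""
REPORT_15172 = """\
fwd-h2-1.45-trunk.jar (pkg:maven/com.goldencode/fwd-h2@1.45-trunk, cpe:2.3:a:h2database:h2:1.45:*:*:*:*:*:*:*) : CVE-2021-42392, CVE-2022-23221, CVE-2021-23463, CVE-2022-45868
gwtbootstrap3-extras-1.0.2.jar: bootstrap-select-1.12.4.min.cache.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.js (pkg:javascript/bootstrap-select@1.12.4) : CVE-2019-20921
gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js (pkg:javascript/moment.js@2.9.0.min.cache) : CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, Regular Expression Denial of Service (ReDoS)
postgresql-42.7.1.jar (pkg:maven/org.postgresql/postgresql@42.7.1, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.1:*:*:*:*:*:*:*) : CVE-2024-1597
"""

# file name, then "(pkg:... , cpe:...)", then " : ", then the findings.
LINE_RE = re.compile(
    r"^(?P<file>.+?) \((?P<ids>(?:pkg|cpe):[^)]*)\) : (?P<findings>.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_line(line):
    """Split one summary line into (file, component, version, cves, notes)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ids = [i.strip() for i in m["ids"].split(",")]
    # Prefer the package URL; fall back to the first identifier (a CPE).
    purl = next((i for i in ids if i.startswith("pkg:")), ids[0])
    component, sep, version = purl.rpartition("@")
    if not sep:
        component, version = purl, ""
    findings = [f.strip() for f in m["findings"].split(", ")]
    cves = {f for f in findings if CVE_RE.fullmatch(f)}
    notes = {f for f in findings if not CVE_RE.fullmatch(f)}  # e.g. end-of-life text
    return m["file"], component, version, cves, notes


def collapse(report):
    """One entry per versionless package URL, however many files matched it."""
    components = defaultdict(
        lambda: {"versions": set(), "cves": set(), "notes": set(), "files": 0})
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank or non-report line
        _file, component, version, cves, notes = parsed
        entry = components[component]
        entry["versions"].add(version)
        entry["cves"] |= cves
        entry["notes"] |= notes
        entry["files"] += 1
    return dict(components)


def diff_reports(old, new):
    """Compare (component, CVE) pairs between two reports."""
    def pairs(report):
        return {(c, cve) for c, e in collapse(report).items() for cve in e["cves"]}
    before, after = pairs(old), pairs(new)
    return {
        "no_longer_reported": before - after,
        "newly_reported": after - before,
        "still_reported": before & after,
    }


if __name__ == "__main__":
    for key, found in diff_reports(REPORT_14987, REPORT_15172).items():
        print(key)
        for component, cve in sorted(found):
            print("   ", component, cve)
```

A pair under `no_longer_reported` only means the scanner stopped listing it; the dependency may have been upgraded, removed, or left out of the scanned configuration.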
