Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 5.2.1
Report Generated On: Tue, 24 Sep 2019 22:29:52 -0700
Dependencies Scanned: 8 (2 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2019-09-24T22:00:09
NVD CVE Modified: 2019-09-24T17:02:28
VersionCheckOn: 2019-09-24T22:00:09

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
aopalliance-1.0.jar		pkg:maven/aopalliance/aopalliance@1.0		0		19
spring-core-5.1.9.RELEASE.jar	cpe:2.3:a:pivotal_software:spring_framework:5.1.9.release:::::::* cpe:2.3:a:springsource:spring_framework:5.1.9.release:::::::* cpe:2.3:a:vmware:springsource_spring_framework:5.1.9:::::::*	pkg:maven/org.springframework/spring-core@5.1.9.RELEASE		0	Highest	30

Dependencies

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain

File Path: /Users/rexhoffman/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope:AdviseContext:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	aopalliance	Low
Vendor	jar	package name	aopalliance	Low
Vendor	jar	package name	aop	Highest
Vendor	pom	groupid	aopalliance	Highest
Vendor	file	name	aopalliance	High
Vendor	jar	package name	intercept	Low
Vendor	pom	url	http://aopalliance.sourceforge.net	Highest
Vendor	pom	name	AOP alliance	High
Vendor	jar	package name	aopalliance	Highest
Product	pom	url	http://aopalliance.sourceforge.net	Medium
Product	jar	package name	aop	Highest
Product	file	name	aopalliance	High
Product	jar	package name	intercept	Low
Product	pom	artifactid	aopalliance	Highest
Product	pom	groupid	aopalliance	Low
Product	pom	name	AOP alliance	High
Product	jar	package name	aopalliance	Highest
Version	pom	version	1.0	Highest
Version	file	version	1.0	Highest

Identifiers

pkg:maven/aopalliance/aopalliance@1.0 (Confidence:High)

spring-core-5.1.9.RELEASE.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-core/5.1.9.RELEASE/spring-core-5.1.9.RELEASE.jar
MD5: fad0a88be0f6d46008bd84ebb153ebce
SHA1: dc3815439579b4fa0c19970e6b8e5d774af8d988
SHA256:427406f5423e032e08e5d43e5d3eccfbc83350b0d7c6ec22db839755ff1120de
Referenced In Project/Scope:AdviseContext:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	core	Highest
Vendor	pom	url	spring-projects/spring-framework	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.core	Medium
Vendor	pom	groupid	springframework	Highest
Vendor	pom	artifactid	spring-core	Low
Vendor	pom	name	Spring Core	High
Vendor	pom	organization name	Spring IO	High
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	pom	groupid	org.springframework	Highest
Vendor	file	name	spring-core	High
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	io	Highest
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	pom	organization url	https://projects.spring.io/spring-framework	Medium
Product	jar	package name	core	Highest
Product	pom	url	spring-projects/spring-framework	High
Product	jar	package name	springframework	Highest
Product	pom	organization name	Spring IO	Low
Product	Manifest	automatic-module-name	spring.core	Medium
Product	pom	name	Spring Core	High
Product	pom	organization url	https://projects.spring.io/spring-framework	Low
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	file	name	spring-core	High
Product	Manifest	Implementation-Title	spring-core	High
Product	jar	package name	io	Highest
Product	pom	artifactid	spring-core	Highest
Product	pom	groupid	springframework	Low
Version	pom	version	5.1.9.RELEASE	Highest
Version	Manifest	Implementation-Version	5.1.9.RELEASE	High

Related Dependencies

spring-beans-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-beans/5.1.9.RELEASE/spring-beans-5.1.9.RELEASE.jar
- MD5: 26a027230943159f49b79c9521d0e592
- SHA1: 05a03b3983108d73978aec2fa3e681aedad6782c
- SHA256: e53ac6c352a41050c9f2186590157bbe61899428f3d62bab772f1ef96f141237
- pkg:maven/org.springframework/spring-beans@5.1.9.RELEASE
spring-expression-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-expression/5.1.9.RELEASE/spring-expression-5.1.9.RELEASE.jar
- MD5: b689570e1cdc5979c1faa27719beaabe
- SHA1: db3a2468c1b7d697ec3b3ec6e5652dc282994fe3
- SHA256: e13b81f767f4a1b64194c854b03af7ef7987cc48fe98203e5f3b9a259d18bee0
- pkg:maven/org.springframework/spring-expression@5.1.9.RELEASE
spring-jcl-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-jcl/5.1.9.RELEASE/spring-jcl-5.1.9.RELEASE.jar
- MD5: 8e0f77930c11ea66237ea479b08750d9
- SHA1: 7c372790c999777d20f364960cf557dd74f890cf
- SHA256: e6f5a8162bc57aec3d9260fec9efc019cee904de2b0c5a6abe02598a17d10456
- pkg:maven/org.springframework/spring-jcl@5.1.9.RELEASE
spring-context-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-context/5.1.9.RELEASE/spring-context-5.1.9.RELEASE.jar
- MD5: ea09f1711c340d526e9d417242f8dc16
- SHA1: c37f8fe15a5ae4ea1f351bd46167fd492a84eefa
- SHA256: 129e4c38c34c0a541073f1c9614892a7f44e967101230632a060c0d9a8bae187
- pkg:maven/org.springframework/spring-context@5.1.9.RELEASE
spring-context-support-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-context-support/5.1.9.RELEASE/spring-context-support-5.1.9.RELEASE.jar
- MD5: 1978d6511a94a8712e55cbb884ea7154
- SHA1: 156dac24edaf3b73a2cd24682d8fbc7d82b70423
- SHA256: 77167b19fe5c9d3c57280932fefce3a69d5dab7c79a1f3b296f5866344e92189
- pkg:maven/org.springframework/spring-context-support@5.1.9.RELEASE
spring-aop-5.1.9.RELEASE.jar
- File Path: /Users/rexhoffman/.m2/repository/org/springframework/spring-aop/5.1.9.RELEASE/spring-aop-5.1.9.RELEASE.jar
- MD5: ff12a2b6d156f02dfd7edfd5bebada3f
- SHA1: bc2312ffad02251b9d472e4a7c0e472a58f50fbf
- SHA256: 91e07b10b52c3e5370e90866af1dc4f9d3d4d193ca4b9100667e0df577c37a8d
- pkg:maven/org.springframework/spring-aop@5.1.9.RELEASE

Identifiers

pkg:maven/org.springframework/spring-core@5.1.9.RELEASE (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.1.9.release:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.1.9.release:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:springsource_spring_framework:5.1.9:*:*:*:*:*:*:* (Confidence:Low)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: AdviseContext

com.github.advisedtesting:AdviseContext:1.3.1

Summary

Dependencies

aopalliance-1.0.jar

Evidence

Identifiers

spring-core-5.1.9.RELEASE.jar

Evidence

Related Dependencies

Identifiers