Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: jTrust Test PKI

be.fedict.jtrust:jtrust-testpki:2.1.0

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
bcpkix-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70 0Low66
bcprov-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70 0Low60
bcutil-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcutil-jdk15on@1.70 0Low50
commons-io-2.11.0.jarcpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.11.0 0Highest123
javax.servlet-api-3.1.0.jarcpe:2.3:a:oracle:java_se:3.1.0:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@3.1.0 0Medium49
jetty-io-9.4.51.v20230217.jarcpe:2.3:a:eclipse:jetty:9.4.51:20230217:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.51:20230217:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.51:20230217:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-io@9.4.51.v20230217 0Highest39
jetty-server-9.4.51.v20230217.jarcpe:2.3:a:eclipse:jetty:9.4.51:20230217:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.51:20230217:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:9.4.51:20230217:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.51:20230217:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217 0Highest39
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029

Dependencies

bcpkix-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /Users/fcorneli/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.70/bcpkix-jdk15on-1.70.jar
MD5: 2c383f50d41937eae4fd32c35d8668cd
SHA1: f81e5af49571a9d5a109a88f239a73ce87055417
SHA256:e5b9cb821df57f70b0593358e89c0e8d7266515da9d088af6c646f63d433c07c
Referenced In Project/Scope: jTrust Test PKI:compile
bcpkix-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/be.fedict.jtrust/jtrust-testpki@2.1.0

Identifiers

bcprov-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /Users/fcorneli/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256:8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Project/Scope: jTrust Test PKI:compile
bcprov-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/be.fedict.jtrust/jtrust-testpki@2.1.0

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

bcutil-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /Users/fcorneli/.m2/repository/org/bouncycastle/bcutil-jdk15on/1.70/bcutil-jdk15on-1.70.jar
MD5: 805173dfb0891331dbe69d0e53371af4
SHA1: 54280e7195a7430d7911ded93fc01e07300b9526
SHA256:52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0
Referenced In Project/Scope: jTrust Test PKI:compile
bcutil-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/fcorneli/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope: jTrust Test PKI:compile
commons-io-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/be.fedict.jtrust/jtrust-testpki@2.1.0

Identifiers

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/fcorneli/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: jTrust Test PKI:compile
javax.servlet-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217

Identifiers

jetty-io-9.4.51.v20230217.jar

Description:

Jetty module for Jetty :: IO Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, https://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/fcorneli/.m2/repository/org/eclipse/jetty/jetty-io/9.4.51.v20230217/jetty-io-9.4.51.v20230217.jar
MD5: f030b7fc7ff17b80aad37f8d79b9816d
SHA1: a11a0713b17334a5b6e694602fbd1a9457cb5fdd
SHA256:b73b26c5a531b02af0d775f0574c2889665449168723e4322d36de6e8e74848f
Referenced In Project/Scope: jTrust Test PKI:compile
jetty-io-9.4.51.v20230217.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217

Identifiers

jetty-server-9.4.51.v20230217.jar

Description:

The core jetty server artifact.

License:

http://www.apache.org/licenses/LICENSE-2.0, https://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/fcorneli/.m2/repository/org/eclipse/jetty/jetty-server/9.4.51.v20230217/jetty-server-9.4.51.v20230217.jar
MD5: 43bcc211c126b7cd06b966940c84f569
SHA1: d0572c8460eb26adf8420e78535d95859c89a936
SHA256:72f19a7f88e91244d5170045d7d44143508845b01196f87b2a1b56a5ad16d378
Referenced In Project/Scope: jTrust Test PKI:compile
jetty-server-9.4.51.v20230217.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/be.fedict.jtrust/jtrust-testpki@2.1.0

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /Users/fcorneli/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: jTrust Test PKI:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/be.fedict.jtrust/jtrust-testpki@2.1.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.