aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Trivy detects CVE-2018-14721 on wrong versions of jackson-databind #1367

Closed jvitrifork closed 2 years ago

jvitrifork commented 3 years ago

Trivy detects jackson in a docker image but fails to take the version into account


The CVE mentions FasterXML jackson-databind 2.x before 2.9.7 but the contents of the docker image are jackson-*-2.10.3
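
One way to cross-check a finding like this by hand, as an added example that is not part of the original thread or of Trivy's code: collect the version claims a JAR carries (file name, MANIFEST.MF, embedded pom.properties) and test them against the range quoted above. The function names and the sample JAR are constructed for illustration.

```python
import io
import re
import zipfile

POM_PROPS = re.compile(r"^META-INF/maven/[^/]+/[^/]+/pom\.properties$")
JAR_NAME = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def parse_version(text):
    """'2.9.10.7' -> (2, 9, 10, 7); tuples compare numerically, so 2.10.3 > 2.9.7."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def read_properties(text):
    """Parse the key=value lines of a Maven pom.properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            props[key.strip()] = value.strip()
    return props


def read_manifest(text):
    """Main-section attributes of MANIFEST.MF; continuation lines start with a space."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            last, value = line.split(":", 1)
            attrs[last] = value.strip()
    return attrs


def jar_evidence(filename, jar_bytes):
    """Return (source, artifact, version) for every version claim found in one JAR."""
    evidence = []
    named = JAR_NAME.match(filename.rsplit("/", 1)[-1])
    if named:
        evidence.append(("filename", named["artifact"], named["version"]))
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name == "META-INF/MANIFEST.MF":
                attrs = read_manifest(jar.read(name).decode("utf-8", "replace"))
                title, ver = attrs.get("Implementation-Title", ""), attrs.get("Implementation-Version", "")
                evidence.append(("manifest", title, ver))
            elif POM_PROPS.match(name):
                props = read_properties(jar.read(name).decode("utf-8", "replace"))
                coords = f"{props.get('groupId', '')}:{props.get('artifactId', '')}"
                evidence.append(("pom.properties", coords, props.get("version", "")))
    return evidence


def in_quoted_range(version):
    """Assumption: the range exactly as quoted in the issue, 2.x before 2.9.7."""
    parsed = parse_version(version)
    return bool(parsed) and parsed[0] == 2 and parsed < (2, 9, 7)


def triage(filename, jar_bytes, artifact="jackson-databind"):
    """Summarise what the JAR says about `artifact` and whether the quoted range applies."""
    claims = [(src, ver) for src, name, ver in jar_evidence(filename, jar_bytes)
              if name.endswith(artifact) and ver]
    versions = sorted({ver for _, ver in claims}, key=parse_version)
    return {
        "claims": claims,
        "versions": versions,
        "sources_agree": len(versions) == 1,
        "in_affected_range": any(in_quoted_range(v) for v in versions),
    }


def build_sample_jar(version):
    """Constructed sample: a tiny JAR with Maven-style metadata for jackson-databind."""
    manifest = ("Manifest-Version: 1.0\r\nImplementation-Title: jackson-databind\r\n"
                f"Implementation-Version: {version}\r\n\r\n")
    pom = f"groupId=com.fasterxml.jackson.core\nartifactId=jackson-databind\nversion={version}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties", pom)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage("jackson-databind-2.10.3.jar", build_sample_jar("2.10.3"))
    print(report)
```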

afdesk commented 2 years ago

hi @jvitrifork! thanks for your report! I'll try to investigate this issue and resolve it.

afdesk commented 2 years ago

I've downloaded jackson-databind-2.10.3.jar and then ran trivy -d fs . My result:

Java (jar)
==========
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
|                   LIBRARY                   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |        FIXED VERSION        |                 TITLE                 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-25649   | HIGH     | 2.10.3            | 2.6.7.4, 2.9.10.7, 2.10.5.1 | jackson-databind: FasterXML           |
|                                             |                  |          |                   |                             | DOMDeserializer insecure              |
|                                             |                  |          |                   |                             | entity expansion is vulnerable        |
|                                             |                  |          |                   |                             | to XML external entity...             |
|                                             |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-25649 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+

afdesk commented 2 years ago

@jvitrifork could you show your logs? thanks for help!

afdesk commented 2 years ago

hi @jvitrifork! I've downloaded all your jar files and ran trivy -d fs . The result is as follows:

2021-11-30T22:32:16.751+0600    DEBUG   Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-11-30T22:32:16.774+0600    DEBUG   cache dir:  /home/user/.cache/trivy
2021-11-30T22:32:16.775+0600    DEBUG   DB update was skipped because DB is the latest
2021-11-30T22:32:16.775+0600    DEBUG   DB Schema: 1, Type: 1, UpdatedAt: 2021-11-30 12:42:38.989837802 +0000 UTC, NextUpdate: 2021-11-30 18:42:38.989837502 +0000 UTC, DownloadedAt: 2021-11-30 14:34:06.971463561 +0000 UTC
2021-11-30T22:32:16.775+0600    DEBUG   Vulnerability type:  [os library]
2021-11-30T22:32:16.776+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-dataformat-smile-2.10.3.jar"}
2021-11-30T22:32:16.776+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-dataformat-msgpack-0.8.21.jar"}
2021-11-30T22:32:16.783+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-dataformat-yaml-2.10.3.jar"}
2021-11-30T22:32:16.784+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-module-parameter-names-2.10.3.jar"}
2021-11-30T22:32:16.785+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-dataformat-xml-2.10.3.jar"}
2021-11-30T22:32:16.794+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-dataformat-cbor-2.10.3.jar"}
2021-11-30T22:32:16.798+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-coreutils-1.6.jar"}
2021-11-30T22:32:16.798+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-datatype-jsr310-2.10.3.jar"}
2021-11-30T22:32:16.799+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-core-2.10.3.jar"}
2021-11-30T22:32:16.800+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-datatype-jdk8-2.10.3.jar"}
2021-11-30T22:32:16.800+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-databind-2.10.3.jar"}
2021-11-30T22:32:16.802+0600    DEBUG   Parsing Java artifacts...   {"file": "jackson-module-jaxb-annotations-2.10.3.jar"}
2021-11-30T22:32:17.492+0600    DEBUG   OS is not detected and vulnerabilities in OS packages are not detected.
2021-11-30T22:32:17.492+0600    DEBUG   Detected OS: unknown
2021-11-30T22:32:17.492+0600    INFO    Number of language-specific files: 1
2021-11-30T22:32:17.492+0600    INFO    Detecting jar vulnerabilities...
2021-11-30T22:32:17.492+0600    DEBUG   Detecting library vulnerabilities, type: jar, path: 

Java (jar)
==========
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
|                   LIBRARY                   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |        FIXED VERSION        |                 TITLE                 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-25649   | HIGH     | 2.10.3            | 2.6.7.4, 2.9.10.7, 2.10.5.1 | jackson-databind: FasterXML           |
|                                             |                  |          |                   |                             | DOMDeserializer insecure              |
|                                             |                  |          |                   |                             | entity expansion is vulnerable        |
|                                             |                  |          |                   |                             | to XML external entity...             |
|                                             |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-25649 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+

afdesk commented 2 years ago

maybe I missed something?...

jvitrifork commented 2 years ago

Hmmm ... your results list another CVE ... It must be something locally. I'll dig deeper

afdesk commented 2 years ago

> Hmmm ... your results list another CVE ... It must be something locally. I'll dig deeper

Let me know if I can help you more.

MartinKirchner commented 2 years ago

I have the same issue with jackson-databind-2.11.0.jar. Trivy detects it as 2.3.3. Furthermore, it detects "org.eclipse.jetty:jetty-http 8.1.15.v20140411", "org.eclipse.jetty:jetty-io 8.1.15.v20140411", "org.eclipse.jetty:jetty-server 8.1.15.v20140411" and "org.eclipse.jetty:jetty-util 8.1.15.v20140411", which are also not part of the WAR.

I unzipped my WAR and ran trivy:

$ trivy -d fs .

2021-12-13T15:41:37.317+0100    DEBUG  Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-12-13T15:41:37.322+0100    DEBUG  cache dir:  /home/kirchner/.cache/trivy
2021-12-13T15:41:37.322+0100    DEBUG  DB update was skipped because DB is the latest
2021-12-13T15:41:37.323+0100    DEBUG  DB Schema: 1, Type: 1, UpdatedAt: 2021-12-13 12:44:58.725271349 +0000 UTC, NextUpdate: 2021-12-13 18:44:58.725270949 +0000 UTC, DownloadedAt: 2021-12-13 14:40:29.3203539 +0000 UTC
2021-12-13T15:41:37.323+0100    DEBUG  Vulnerability type:  [os library]
2021-12-13T15:41:37.338+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/accessors-smart-2.4.7.jar"}
2021-12-13T15:41:37.348+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/amqp-client-5.9.0.jar"}
2021-12-13T15:41:37.353+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/android-json-0.0.20131108.vaadin1.jar"}
2021-12-13T15:41:37.355+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/animal-sniffer-annotations-1.14.jar"}
2021-12-13T15:41:37.358+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/annotations-13.0.jar"}
2021-12-13T15:41:37.360+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/annotations-3.0.1.jar"}
2021-12-13T15:41:37.362+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/annotations-9.6.0.jar"}
2021-12-13T15:41:37.366+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/antlr-2.7.7.jar"}
2021-12-13T15:41:37.371+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/antlr-runtime-3.2.jar"}
2021-12-13T15:41:37.373+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/aopalliance-1.0.jar"}
2021-12-13T15:41:37.376+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/apache-mailet-api-2.5.0.jar"}
2021-12-13T15:41:37.379+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/apache-mailet-base-2.5.0.jar"}
2021-12-13T15:41:37.381+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/api-9.6.0.jar"}
2021-12-13T15:41:37.383+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/api-smartaction-4.8.jar"}
2021-12-13T15:41:37.469+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/app.base.weshare-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:37.673+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/app.weshareprofile-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:37.679+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/app.wespace-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:37.692+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/asm-9.1.jar"}
2021-12-13T15:41:37.702+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/atmosphere-runtime-2.4.30.vaadin3.jar"}
2021-12-13T15:41:37.709+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/attoparser-2.0.5.RELEASE.jar"}
2021-12-13T15:41:37.714+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/auth-server-licenses-1.8.1.jar"}
2021-12-13T15:41:37.716+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/backend.connector.customize-0.9.0.jar"}
2021-12-13T15:41:37.725+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/backend.htmlsupport-9.6.0.jar"}
2021-12-13T15:41:37.731+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/backend.metadata-9.6.0.jar"}
2021-12-13T15:41:37.734+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/backend.rest-9.6.0.jar"}
2021-12-13T15:41:37.740+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-anim-1.14.jar"}
2021-12-13T15:41:37.746+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-awt-util-1.14.jar"}
2021-12-13T15:41:37.753+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-bridge-1.14.jar"}
2021-12-13T15:41:37.757+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-codec-1.14.jar"}
2021-12-13T15:41:37.760+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-constants-1.14.jar"}
2021-12-13T15:41:37.764+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-css-1.14.jar"}
2021-12-13T15:41:37.768+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-dom-1.14.jar"}
2021-12-13T15:41:37.772+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-ext-1.14.jar"}
2021-12-13T15:41:37.775+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-gvt-1.14.jar"}
2021-12-13T15:41:37.778+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-i18n-1.14.jar"}
2021-12-13T15:41:37.781+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-parser-1.14.jar"}
2021-12-13T15:41:37.783+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-rasterizer-1.14.jar"}
2021-12-13T15:41:37.787+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-script-1.14.jar"}
2021-12-13T15:41:37.789+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-shared-resources-1.14.jar"}
2021-12-13T15:41:37.793+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-svg-dom-1.14.jar"}
2021-12-13T15:41:37.799+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-svggen-1.14.jar"}
2021-12-13T15:41:37.803+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-svgrasterizer-1.14.jar"}
2021-12-13T15:41:37.808+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-transcoder-1.14.jar"}
2021-12-13T15:41:37.811+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-util-1.14.jar"}
2021-12-13T15:41:37.815+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/batik-xml-1.14.jar"}
2021-12-13T15:41:37.841+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/bcprov-jdk15on-1.61.jar"}
2021-12-13T15:41:37.846+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/builders-0.2.0.jar"}
2021-12-13T15:41:37.857+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/caffeine-2.8.1.jar"}
2021-12-13T15:41:37.861+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/cfg4j-core-4.4.0.jar"}
2021-12-13T15:41:37.866+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/checker-qual-2.5.2.jar"}
2021-12-13T15:41:37.874+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/chromeinspector-21.3.0.jar"}
2021-12-13T15:41:37.942+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/ckeditor-0.1.1.jar"}
2021-12-13T15:41:37.950+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/classgraph-4.8.36.jar"}
2021-12-13T15:41:37.954+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/classpathscan-9.6.0.jar"}
2021-12-13T15:41:37.957+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/com.rosaloves.bitlyj-2.0.0.jar"}
2021-12-13T15:41:37.963+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/com.springsource.org.htmlparser-1.6.0.jar"}
2021-12-13T15:41:38.076+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/common-9.6.0.jar"}
2021-12-13T15:41:38.087+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-beanutils-1.9.4.jar"}
2021-12-13T15:41:38.090+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-cli-1.4.jar"}
2021-12-13T15:41:38.094+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-codec-1.15.jar"}
2021-12-13T15:41:38.099+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-collections-3.2.2.jar"}
2021-12-13T15:41:38.106+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-collections4-4.4.jar"}
2021-12-13T15:41:38.112+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-compress-1.21.jar"}
2021-12-13T15:41:38.118+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-digester-2.1.jar"}
2021-12-13T15:41:38.121+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-email-1.5.jar"}
2021-12-13T15:41:38.124+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-fileupload-1.3.3.jar"}
2021-12-13T15:41:38.128+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-io-2.8.0.jar"}
2021-12-13T15:41:38.133+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-lang-2.6.jar"}
2021-12-13T15:41:38.138+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-lang3-3.12.0.jar"}
2021-12-13T15:41:38.141+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-logging-1.2.jar"}
2021-12-13T15:41:38.153+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-math3-3.6.1.jar"}
2021-12-13T15:41:38.158+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-modeler-2.0.1.jar"}
2021-12-13T15:41:38.167+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/commons-pool2-2.9.0.jar"}
2021-12-13T15:41:38.282+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.backend.connector-9.6.0.jar"}
2021-12-13T15:41:38.290+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.contract-9.6.0.jar"}
2021-12-13T15:41:38.298+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.core-9.6.0.jar"}
2021-12-13T15:41:38.302+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.push.receiver-9.6.0.jar"}
2021-12-13T15:41:38.314+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.renderer-9.6.0.jar"}
2021-12-13T15:41:38.331+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/component.renderer.data-9.6.0.jar"}
2021-12-13T15:41:38.336+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/composition-9.6.0.jar"}
2021-12-13T15:41:38.340+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/configuration-9.6.0.jar"}
2021-12-13T15:41:38.342+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/configuration.open-9.6.0.jar"}
2021-12-13T15:41:38.344+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/configuration.open.embedded-9.6.0.jar"}
2021-12-13T15:41:38.349+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/configuration.smartwe-9.6.0.jar"}
2021-12-13T15:41:38.351+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/content-type-2.1.jar"}
2021-12-13T15:41:38.363+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/crafty.endpoint.open-9.6.0.jar"}
2021-12-13T15:41:38.367+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/crafty.json-9.6.0.jar"}
2021-12-13T15:41:38.371+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/cryptacular-1.1.1.jar"}
2021-12-13T15:41:38.375+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/curvesapi-1.06.jar"}
2021-12-13T15:41:38.378+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/dagger-2.17.jar"}
2021-12-13T15:41:38.382+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/data.converters-9.6.0.jar"}
2021-12-13T15:41:38.386+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/datetime-9.6.0.jar"}
...
2021-12-13T15:41:39.019+0100    DEBUG  No such POM in the central repositories {"file": "de.cas.open.org.jvnet.jaxb2_commons-0.5.2.jar"}
...
...
2021-12-13T15:41:39.978+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/dom4j-2.1.3.jar"}
2021-12-13T15:41:39.989+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/ecj-4.2.1-1.jar"}
2021-12-13T15:41:40.033+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/ehcache-2.10.1.jar"}
2021-12-13T15:41:40.038+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/error_prone_annotations-2.1.3.jar"}
2021-12-13T15:41:40.045+0100    DEBUG  Parsing Java artifacts...   {"file": "net/sf/ehcache/pool/sizeof/sizeof-agent.jar"}
2021-12-13T15:41:40.047+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/ez-vcard-0.9.9-1.jar"}
2021-12-13T15:41:40.047+0100    DEBUG  No such POM in the central repositories {"file": "de.cas.open.supercsv-1.52.51.jar"}
2021-12-13T15:41:40.052+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/ezmorph-1.0.4.jar"}
2021-12-13T15:41:40.054+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/failureaccess-1.0.1.jar"}
2021-12-13T15:41:40.059+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/fast-classpath-scanner-3.1.7.jar"}
2021-12-13T15:41:40.064+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/FastInfoset-1.2.18.jar"}
2021-12-13T15:41:40.066+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/feature.open-9.6.0.jar"}
2021-12-13T15:41:40.070+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/fest-reflect-1.4.1.jar"}
2021-12-13T15:41:40.073+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/fest-util-1.2.4.jar"}
2021-12-13T15:41:40.076+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/flute-1.3.0.gg2.jar"}
2021-12-13T15:41:40.087+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/freemarker-2.3.28.jar"}
2021-12-13T15:41:40.091+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gcm-server-1.0.0.jar"}
2021-12-13T15:41:40.094+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gentyref-1.2.0.vaadin1.jar"}
2021-12-13T15:41:40.098+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gmbal-4.0.1.jar"}
2021-12-13T15:41:40.104+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/graal-sdk-21.3.0.jar"}
2021-12-13T15:41:40.163+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gson-2.8.6.jar"}
2021-12-13T15:41:40.181+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/guava-26.0-jre.jar"}
2021-12-13T15:41:40.191+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/guava-gwt-27.1-jre.jar"}
2021-12-13T15:41:40.199+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/guice-5.0.1.jar"}
2021-12-13T15:41:40.354+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/guice-servlet-5.0.1.jar"}
2021-12-13T15:41:40.425+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gwt-elemental-2.8.2.jar"}
2021-12-13T15:41:40.482+0100    DEBUG  No such POM in the central repositories {"file": "sizeof-agent.jar"}
2021-12-13T15:41:40.483+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gwt-graphics-1.0.0.jar"}
2021-12-13T15:41:40.549+0100    DEBUG  No such POM in the central repositories {"file": "ecj-4.2.1-1.jar"}
2021-12-13T15:41:40.552+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/gwt-user-2.8.2.jar"}
2021-12-13T15:41:40.570+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/HdrHistogram-2.1.12.jar"}
2021-12-13T15:41:40.589+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/httpclient-4.5.13.jar"}
2021-12-13T15:41:40.597+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/httpcore-4.4.13.jar"}
2021-12-13T15:41:40.599+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/i18n-9.6.0.jar"}
2021-12-13T15:41:40.602+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/iban4j-3.2.0.jar"}
2021-12-13T15:41:40.625+0100    DEBUG  No such POM in the central repositories {"file": "ez-vcard-0.9.9-1.jar"}
2021-12-13T15:41:40.654+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/icu4j-69.1.jar"}
2021-12-13T15:41:40.658+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/istack-commons-runtime-3.0.8.jar"}
2021-12-13T15:41:40.672+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/itext-2.0.8.jar"}
2021-12-13T15:41:40.675+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/j2objc-annotations-1.1.jar"}
2021-12-13T15:41:40.679+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-annotations-2.11.0.jar"}
2021-12-13T15:41:40.684+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-core-2.11.0.jar"}
2021-12-13T15:41:40.693+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-databind-2.11.0.jar"}
2021-12-13T15:41:40.697+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-dataformat-yaml-2.11.0.jar"}
2021-12-13T15:41:40.700+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-datatype-jdk8-2.11.0.jar"}
2021-12-13T15:41:40.708+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jackson-datatype-jsr310-2.11.0.jar"}
2021-12-13T15:41:40.712+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.activation-1.2.2.jar"}
2021-12-13T15:41:40.715+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.activation-api-1.2.2.jar"}
2021-12-13T15:41:40.719+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.annotation-api-1.3.5.jar"}
2021-12-13T15:41:40.722+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.jws-api-1.1.1.jar"}
2021-12-13T15:41:40.728+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.mail-1.6.5.jar"}
2021-12-13T15:41:40.732+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.servlet-api-4.0.3.jar"}
2021-12-13T15:41:40.735+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.validation-api-2.0.2.jar"}
2021-12-13T15:41:40.739+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.websocket-api-1.1.2.jar"}
2021-12-13T15:41:40.742+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.xml.bind-api-2.3.3.jar"}
2021-12-13T15:41:40.745+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.xml.soap-api-1.4.2.jar"}
2021-12-13T15:41:40.750+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jakarta.xml.ws-api-2.3.3.jar"}
2021-12-13T15:41:40.761+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jasperreports-2.0.5.jar"}
2021-12-13T15:41:40.765+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jasypt-1.9.2.jar"}
2021-12-13T15:41:40.770+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/java-support-7.3.0.jar"}
2021-12-13T15:41:40.773+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/javapoet-1.11.1.jar"}
2021-12-13T15:41:40.780+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/javassist-3.24.1-GA.jar"}
2021-12-13T15:41:40.784+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/javax.annotation-api-1.3.2.jar"}
2021-12-13T15:41:40.787+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/javax.inject-1.jar"}
2021-12-13T15:41:40.793+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/javax.servlet-api-3.1.0.jar"}
2021-12-13T15:41:40.807+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jaxb-runtime-2.3.3.jar"}
2021-12-13T15:41:40.815+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jaxen-1.2.0.jar"}
2021-12-13T15:41:40.835+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jaxws-rt-2.3.3.jar"}
2021-12-13T15:41:40.838+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jcip-annotations-1.0-1.jar"}
2021-12-13T15:41:40.842+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jcl-over-slf4j-1.7.30.jar"}
2021-12-13T15:41:40.847+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jcommon-1.0.12.jar"}
2021-12-13T15:41:40.851+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jdom2-2.0.6.jar"}
2021-12-13T15:41:40.862+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jfreechart-1.0.9.jar"}
2021-12-13T15:41:40.892+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jgrapht-core-1.3.0.jar"}
2021-12-13T15:41:40.899+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jheaps-0.9.jar"}
2021-12-13T15:41:40.909+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jna-4.5.1.jar"}
2021-12-13T15:41:40.923+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jna-platform-4.5.1.jar"}
2021-12-13T15:41:40.946+0100    DEBUG  No such POM in the central repositories {"file": "gwt-graphics-1.0.0.jar"}
2021-12-13T15:41:41.026+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/joda-time-2.3.jar"}
2021-12-13T15:41:41.038+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/js-1.7R2.jar"}
2021-12-13T15:41:41.062+0100    DEBUG  POM was determined in a heuristic way   {"file": "gwt-graphics-1.0.0.jar", "artifact": "com.github.jjYBdx4IL.gwt:gwt-graphics:1.0.0"}
2021-12-13T15:41:41.121+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/js-21.3.0.jar"}
2021-12-13T15:41:41.128+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/js-scriptengine-21.3.0.jar"}
2021-12-13T15:41:41.241+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jsinterop-annotations-1.0.2-sources.jar"}
2021-12-13T15:41:41.247+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jsinterop-annotations-1.0.2.jar"}
2021-12-13T15:41:41.274+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/json-lib-2.2.2-jdk15.jar"}
2021-12-13T15:41:41.298+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/json-simple-1.1.1.jar"}
2021-12-13T15:41:41.302+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/json-smart-2.4.7.jar"}
2021-12-13T15:41:41.308+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jsoup-1.14.2.jar"}
2021-12-13T15:41:41.312+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jsr305-3.0.1.jar"}
2021-12-13T15:41:41.315+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jul-to-slf4j-1.7.30.jar"}
2021-12-13T15:41:41.317+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/jusecase-0.4.0.jar"}
2021-12-13T15:41:41.326+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/kotlin-stdlib-1.3.71.jar"}
2021-12-13T15:41:41.332+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/kotlin-stdlib-common-1.3.70.jar"}
2021-12-13T15:41:41.472+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/lang-tag-1.5.jar"}
2021-12-13T15:41:41.477+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/LatencyUtils-2.0.3.jar"}
2021-12-13T15:41:41.482+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/libphonenumber-8.12.23.jar"}
2021-12-13T15:41:41.486+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/log4j-over-slf4j-1.7.30.jar"}
2021-12-13T15:41:41.491+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/logback-classic-1.2.3.jar"}
2021-12-13T15:41:41.496+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/logback-core-1.2.3.jar"}
2021
2021-12-13T15:41:41.520+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/logstash-logback-encoder-6.6.jar"}
2021-12-13T15:41:41.526+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/management-api-3.2.2.jar"}
2021-12-13T15:41:41.532+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/mariadb-java-client-2.2.6.jar"}
2021-12-13T15:41:41.535+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-core-4.1.0.jar"}
2021-12-13T15:41:41.538+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-healthchecks-4.1.0.jar"}
2021-12-13T15:41:41.541+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-jmx-4.1.0.jar"}
2021-12-13T15:41:41.544+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-json-4.1.0.jar"}
2021-12-13T15:41:41.547+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-jvm-4.1.0.jar"}
2021-12-13T15:41:41.549+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/metrics-servlets-4.1.0.jar"}
2021-12-13T15:41:41.556+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/micrometer-core-1.7.0.jar"}
2021-12-13T15:41:41.559+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/micrometer-jvm-extras-0.2.0.jar"}
2021-12-13T15:41:41.562+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/micrometer-registry-prometheus-1.7.0.jar"}
2021-12-13T15:41:41.596+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/microsoft-graph-2.7.0.jar"}
2021-12-13T15:41:41.601+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/microsoft-graph-core-1.0.8.jar"}
2021-12-13T15:41:41.622+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/mimepull-1.9.11.jar"}
2021-12-13T15:41:41.671+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/monitoring.session-0.9.0.jar"}
2021-12-13T15:41:41.683+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/nimbus-jose-jwt-9.12.1.jar"}
2021-12-13T15:41:41.694+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/oauth2-oidc-sdk-9.15.jar"}
2021-12-13T15:41:41.703+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/okhttp-4.7.2.jar"}
2021-12-13T15:41:41.712+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/okio-2.6.0.jar"}
2021-12-13T15:41:41.717+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-core-3.3.0.jar"}
2021-12-13T15:41:41.720+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-profile-api-3.3.0.jar"}
2021-12-13T15:41:41.726+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-saml-api-3.3.0.jar"}
2021-12-13T15:41:41.735+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-saml-impl-3.3.0.jar"}
2021-12-13T15:41:41.739+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-security-api-3.3.0.jar"}
2021-12-13T15:41:41.742+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-security-impl-3.3.0.jar"}
2021-12-13T15:41:41.746+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-soap-api-3.3.0.jar"}
2021-12-13T15:41:41.750+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xacml-api-3.3.0.jar"}
2021-12-13T15:41:41.755+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xacml-impl-3.3.0.jar"}
2021-12-13T15:41:41.757+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xacml-saml-api-3.3.0.jar"}
2021-12-13T15:41:41.760+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xacml-saml-impl-3.3.0.jar"}
2021-12-13T15:41:41.764+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xmlsec-api-3.3.0.jar"}
2021-12-13T15:41:41.769+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/opensaml-xmlsec-impl-3.3.0.jar"}
2021-12-13T15:41:41.777+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.commands-3.9.700.jar"}
2021-12-13T15:41:41.781+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.contenttype-3.7.600.jar"}
2021-12-13T15:41:41.785+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.expressions-3.6.700.jar"}
2021-12-13T15:41:41.792+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.filesystem-1.7.700.jar"}
2021-12-13T15:41:42.008+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.jobs-3.10.700.jar"}
2021-12-13T15:41:42.023+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.resources-3.13.700.jar"}
2021-12-13T15:41:42.025+0100    DEBUG  Parsing Java artifacts...   {"file": "ant_tasks/resources-ant.jar"}
2021-12-13T15:41:42.063+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.runtime-3.17.100.jar"}
2021-12-13T15:41:42.073+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.core.variables-3.4.800.jar"}
2021-12-13T15:41:42.151+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.debug.core-3.15.0.jar"}
2021-12-13T15:41:42.169+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.codegen-2.19.0.jar"}
2021-12-13T15:41:42.227+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.codegen.ecore-2.21.0.jar"}
2021-12-13T15:41:42.234+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.codegen.ecore.xtext-1.4.0.jar"}
2021-12-13T15:41:42.244+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.common-2.18.0.jar"}
2021-12-13T15:41:42.253+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.compare-3.5.3.CAS1.jar"}
2021-12-13T15:41:42.486+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.ecore-2.21.0.jar"}
2021-12-13T15:41:42.498+0100    DEBUG  No such POM in the central repositories {"file": "resources-ant.jar"}
2021-12-13T15:41:42.575+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.ecore.change-2.14.0.jar"}
2021-12-13T15:41:42.611+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.ecore.xcore-1.13.0.jar"}
2021-12-13T15:41:42.654+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.codegen-2.19.0.jar"}
2021-12-13T15:41:42.678+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.codegen.ecore-2.21.0.jar"}
2021-12-13T15:41:42.687+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.common-2.18.0.jar"}
2021-12-13T15:41:42.696+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.ecore.xcore.lib-1.4.0.jar"}
2021-12-13T15:41:42.701+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.codegen.ecore.xtext-1.4.0.jar"}
2021-12-13T15:41:42.716+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.compare-3.5.3.CAS1.jar"}
2021-12-13T15:41:42.767+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.codegen-2.19.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.codegen:2.19.0"}
2021-12-13T15:41:42.767+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.ecore.xmi-2.16.0.jar"}
2021-12-13T15:41:42.791+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.codegen.ecore-2.21.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.codegen.ecore:2.21.0"}
2021-12-13T15:41:42.792+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.edit-2.16.0.jar"}
2021-12-13T15:41:42.796+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.common-2.18.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.common:2.18.0"}
2021-12-13T15:41:42.798+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.mwe2.runtime-2.11.2.jar"}
2021-12-13T15:41:42.807+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.emf.query-1.7.0.jar"}
2021-12-13T15:41:42.822+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.codegen.ecore.xtext-1.4.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.codegen.ecore.xtext:1.4.0"}
2021-12-13T15:41:42.822+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.equinox.app-1.4.400.jar"}
2021-12-13T15:41:42.978+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.equinox.common-3.11.0.jar"}
2021-12-13T15:41:43.019+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.ecore-2.21.0.jar"}
2021-12-13T15:41:43.023+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.ecore.change-2.14.0.jar"}
2021-12-13T15:41:43.086+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.ecore.xcore-1.13.0.jar"}
2021-12-13T15:41:43.133+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.ecore.xcore.lib-1.4.0.jar"}
2021-12-13T15:41:43.137+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.ecore-2.21.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.ecore:2.21.0"}
2021-12-13T15:41:43.137+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.equinox.preferences-3.7.700.jar"}
2021-12-13T15:41:43.137+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.ecore.change-2.14.0.jar", "artifact": "org.eclipse.birt.runtime:org.eclipse.emf.ecore.change:2.14.0"}
2021-12-13T15:41:43.144+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.equinox.registry-3.8.700.jar"}
2021-12-13T15:41:43.206+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.ecore.xcore-1.13.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.ecore.xcore:1.13.0"}
2021-12-13T15:41:43.206+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.jdt.core-3.21.0.jar"}
2021-12-13T15:41:43.223+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.ecore.xmi-2.16.0.jar"}
2021-12-13T15:41:43.231+0100    DEBUG  Parsing Java artifacts...   {"file": "jdtCompilerAdapter.jar"}
2021-12-13T15:41:43.243+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.ecore.xcore.lib-1.4.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.ecore.xcore.lib:1.4.0"}
2021-12-13T15:41:43.244+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.jdt.debug-3.15.0.jar"}
2021-12-13T15:41:43.248+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.edit-2.16.0.jar"}
2021-12-13T15:41:43.249+0100    DEBUG  Parsing Java artifacts...   {"file": "jdi.jar"}
2021-12-13T15:41:43.264+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.jdt.launching-3.17.0.jar"}
2021-12-13T15:41:43.265+0100    DEBUG  Parsing Java artifacts...   {"file": "lib/javaagent-shaded.jar"}
2021-12-13T15:41:43.271+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.emf.query-1.7.0.jar"}
2021-12-13T15:41:43.340+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.ecore.xmi-2.16.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.ecore.xmi:2.16.0"}
2021-12-13T15:41:43.341+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.osgi-3.15.200.jar"}
2021-12-13T15:41:43.365+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.emf.edit-2.16.0.jar", "artifact": "org.eclipse.emf:org.eclipse.emf.edit:2.16.0"}
2021-12-13T15:41:43.367+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.text-3.10.100.jar"}
2021-12-13T15:41:43.387+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtend.lib-2.21.0.jar"}
2021-12-13T15:41:43.412+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtend.lib.macro-2.21.0.jar"}
2021-12-13T15:41:43.572+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext-2.21.0.jar"}
2021-12-13T15:41:43.588+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext.common.types-2.21.0.jar"}
2021-12-13T15:41:43.606+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext.ecore-2.21.0.jar"}
2021-12-13T15:41:43.677+0100    DEBUG  No such POM in the central repositories {"file": "jdtCompilerAdapter.jar"}
2021-12-13T15:41:43.714+0100    DEBUG  No such POM in the central repositories {"file": "jdi.jar"}
2021-12-13T15:41:43.714+0100    DEBUG  Parsing Java artifacts...   {"file": "jdimodel.jar"}
2021-12-13T15:41:43.721+0100    DEBUG  No such POM in the central repositories {"file": "javaagent-shaded.jar"}
2021-12-13T15:41:43.721+0100    DEBUG  Parsing Java artifacts...   {"file": "lib/launchingsupport.jar"}
2021-12-13T15:41:43.795+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext.util-2.21.0.jar"}
2021-12-13T15:41:43.813+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext.xbase-2.21.0.jar"}
2021-12-13T15:41:43.820+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/org.eclipse.xtext.xbase.lib-2.21.0.jar"}
2021-12-13T15:41:43.837+0100    DEBUG  No such POM in the central repositories {"file": "launchingsupport.jar"}
2021-12-13T15:41:43.851+0100    DEBUG  No such POM in the central repositories {"file": "jdimodel.jar"}
2021-12-13T15:41:43.951+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/owasp-java-html-sanitizer-20211018.2.jar"}
2021-12-13T15:41:43.958+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/pfl-basic-4.1.0.jar"}
2021-12-13T15:41:43.959+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtend.lib.macro-2.21.0.jar"}
2021-12-13T15:41:43.961+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/pfl-tf-4.1.0.jar"}
2021-12-13T15:41:43.973+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtend.lib-2.21.0.jar"}
2021-12-13T15:41:43.978+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/poi-5.0.0.jar"}
2021-12-13T15:41:43.991+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/poi-ooxml-5.0.0.jar"}
2021-12-13T15:41:44.068+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtend.lib.macro-2.21.0.jar", "artifact": "org.eclipse.xtend:org.eclipse.xtend.lib.macro:2.21.0"}
2021-12-13T15:41:44.068+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/poi-ooxml-lite-5.0.0.jar"}
2021-12-13T15:41:44.090+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtend.lib-2.21.0.jar", "artifact": "org.eclipse.xtend:org.eclipse.xtend.lib:2.21.0"}
2021-12-13T15:41:44.090+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/policy-2.7.10.jar"}
2021-12-13T15:41:44.096+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/profiler-1.0.2.jar"}
2021-12-13T15:41:44.103+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/profiler-21.3.0.jar"}
2021-12-13T15:41:44.152+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext-2.21.0.jar"}
2021-12-13T15:41:44.157+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext.common.types-2.21.0.jar"}
2021-12-13T15:41:44.272+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext.common.types-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext.common.types:2.21.0"}
2021-12-13T15:41:44.272+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext:2.21.0"}
2021-12-13T15:41:44.273+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.base-2.9.0.jar"}
2021-12-13T15:41:44.277+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.base.spring-2.9.0.jar"}
2021-12-13T15:41:44.280+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.connect-9.6.0.jar"}
2021-12-13T15:41:44.282+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.event-2.9.0.jar"}
2021-12-13T15:41:44.284+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext.ecore-2.21.0.jar"}
2021-12-13T15:41:44.285+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.event.spring-2.9.0.jar"}
2021-12-13T15:41:44.290+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.healthcheck-2.9.0.jar"}
2021-12-13T15:41:44.295+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.push-2.9.0.jar"}
2021-12-13T15:41:44.299+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.push.spring-2.9.0.jar"}
2021-12-13T15:41:44.304+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.system-2.9.0.jar"}
2021-12-13T15:41:44.309+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.system-9.6.0.jar"}
2021-12-13T15:41:44.315+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rabbitmq.system.spring-2.9.0.jar"}
2021-12-13T15:41:44.321+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/reactive-9.6.0.jar"}
2021-12-13T15:41:44.326+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/reactive-streams-1.0.3.jar"}
2021-12-13T15:41:44.338+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext.util-2.21.0.jar"}
2021-12-13T15:41:44.340+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/reactor-core-3.4.0.jar"}
2021-12-13T15:41:44.388+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext.xbase.lib-2.21.0.jar"}
2021-12-13T15:41:44.400+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext.ecore-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext.ecore:2.21.0"}
2021-12-13T15:41:44.400+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/redux-9.6.0.jar"}
2021-12-13T15:41:44.409+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/reflections-0.9.10.jar"}
2021-12-13T15:41:44.410+0100    DEBUG  No such POM in the central repositories {"file": "org.eclipse.xtext.xbase-2.21.0.jar"}
2021-12-13T15:41:44.429+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/regex-21.3.0.jar"}
2021-12-13T15:41:44.504+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext.xbase.lib-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext.xbase.lib:2.21.0"}
2021-12-13T15:41:44.504+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/restrain-0.1.jar"}
2021-12-13T15:41:44.530+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext.xbase-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext.xbase:2.21.0"}
2021-12-13T15:41:44.531+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rome-1.6.0.jar"}
2021-12-13T15:41:44.531+0100    DEBUG  Parsing Java artifacts...   {"file": "rome-utils-1.6.0.jar"}
2021-12-13T15:41:44.535+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rome-utils-1.6.0.jar"}
2021-12-13T15:41:44.552+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/rxjava-3.0.4.jar"}
2021-12-13T15:41:44.564+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/saaj-impl-1.5.2.jar"}
2021-12-13T15:41:44.567+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/sac-1.3.jar"}
2021-12-13T15:41:44.572+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scribejava-apis-6.9.0.jar"}
2021-12-13T15:41:44.578+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scribejava-core-6.9.0.jar"}
2021-12-13T15:41:44.581+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.api-7.0.2.jar"}
2021-12-13T15:41:44.593+0100    DEBUG  POM was determined in a heuristic way   {"file": "org.eclipse.xtext.util-2.21.0.jar", "artifact": "org.eclipse.xtext:org.eclipse.xtext.util:2.21.0"}
2021-12-13T15:41:44.596+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.ast-7.0.2.jar"}
2021-12-13T15:41:44.603+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.ast.analyze-7.0.2.jar"}
2021-12-13T15:41:44.609+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.core-7.0.2.jar"}
2021-12-13T15:41:44.613+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.emf-7.0.2.jar"}
2021-12-13T15:41:44.619+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.integration-7.0.2.jar"}
2021-12-13T15:41:44.624+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/scripting.libraries.standard-7.0.2.jar"}
2021-12-13T15:41:44.630+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/secondstring-1.0.0.jar"}
2021-12-13T15:41:44.639+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/simpleclient-0.10.0.jar"}
2021-12-13T15:41:44.642+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/simpleclient_caffeine-0.7.0.jar"}
2021-12-13T15:41:44.645+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/simpleclient_common-0.10.0.jar"}
2021-12-13T15:41:44.649+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/slf4j-api-1.7.30.jar"}
2021-12-13T15:41:44.652+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartdesignx.appointment-0.9.0.jar"}
2021-12-13T15:41:44.656+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartdesignx.vam.event.base-0.9.0.jar"}
2021-12-13T15:41:44.661+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartdesignx.vam.registration.base-0.9.0.jar"}
2021-12-13T15:41:44.666+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.app.base-3.0.1.jar"}
2021-12-13T15:41:44.670+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.common-3.0.1.jar"}
2021-12-13T15:41:44.675+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.model-3.0.1.jar"}
2021-12-13T15:41:44.680+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.server-3.0.1.jar"}
2021-12-13T15:41:44.684+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.server.api-3.0.1.jar"}
2021-12-13T15:41:44.692+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/smartgrid.widget.vaadin-3.0.1.jar"}
2021-12-13T15:41:44.703+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/snakeyaml-1.27.jar"}
2021-12-13T15:41:44.709+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/soccerbet-repository-api-0.0.8.jar"}
2021-12-13T15:41:44.714+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/SparseBitSet-1.2.jar"}
2021-12-13T15:41:44.720+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-amqp-2.3.7.jar"}
2021-12-13T15:41:44.728+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-aop-5.3.7.jar"}
2021-12-13T15:41:44.738+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-beans-5.3.7.jar"}
2021-12-13T15:41:44.778+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-boot-2.5.0.jar"}
2021-12-13T15:41:44.791+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-boot-autoconfigure-2.5.0.jar"}
2021-12-13T15:41:44.867+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-context-5.3.7.jar"}
2021-12-13T15:41:44.973+0100    DEBUG  No such POM in the central repositories {"file": "restrain-0.1.jar"}
2021-12-13T15:41:45.018+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-context-support-5.3.7.jar"}
2021-12-13T15:41:45.090+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-core-5.3.7.jar"}
2021-12-13T15:41:45.143+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-expression-5.3.7.jar"}
2021-12-13T15:41:45.157+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-jcl-5.3.7.jar"}
2021-12-13T15:41:45.178+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-jdbc-5.3.7.jar"}
2021-12-13T15:41:45.190+0100    DEBUG  No such POM in the central repositories {"file": "secondstring-1.0.0.jar"}
2021-12-13T15:41:45.194+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-messaging-5.3.7.jar"}
2021-12-13T15:41:45.216+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-oxm-5.3.7.jar"}
2021-12-13T15:41:45.248+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-plugin-core-1.2.0.RELEASE.jar"}
2021-12-13T15:41:45.255+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-rabbit-2.3.7.jar"}
2021-12-13T15:41:45.306+0100    DEBUG  POM was determined in a heuristic way   {"file": "secondstring-1.0.0.jar", "artifact": "org.openrefine.dependencies:secondstring:1.0.0"}
2021-12-13T15:41:45.306+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-retry-1.3.1.jar"}
2021-12-13T15:41:45.313+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-security-core-5.5.0.jar"}
2021-12-13T15:41:45.323+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-security-crypto-5.5.0.jar"}
2021-12-13T15:41:45.485+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-tx-5.3.7.jar"}
2021-12-13T15:41:45.528+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-tx-cache-decorator-1.0.4.jar"}
2021-12-13T15:41:45.542+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-web-5.3.7.jar"}
2021-12-13T15:41:45.607+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-webmvc-5.3.7.jar"}
2021-12-13T15:41:45.617+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-ws-core-3.0.7.RELEASE.jar"}
2021-12-13T15:41:45.622+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-ws-security-3.0.7.RELEASE.jar"}
2021-12-13T15:41:45.625+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/spring-xml-3.0.7.RELEASE.jar"}
2021-12-13T15:41:45.630+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/springdoc-openapi-common-1.5.9.jar"}
2021-12-13T15:41:45.633+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/springdoc-openapi-webmvc-core-1.5.9.jar"}
2021-12-13T15:41:45.636+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/stax-ex-1.8.3.jar"}
2021-12-13T15:41:45.640+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/stax2-api-4.1.jar"}
2021-12-13T15:41:45.643+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/streambuffer-1.5.9.jar"}
2021-12-13T15:41:45.647+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/stringtemplate-3.2.jar"}
2021-12-13T15:41:45.651+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/swagger-annotations-2.1.9.jar"}
2021-12-13T15:41:45.655+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/swagger-core-2.1.9.jar"}
2021-12-13T15:41:45.658+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/swagger-integration-2.1.9.jar"}
2021-12-13T15:41:45.662+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/swagger-models-2.1.9.jar"}
2021-12-13T15:41:45.666+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/thumbnailator-0.4.15.jar"}
2021-12-13T15:41:45.675+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/thymeleaf-3.0.11.RELEASE.jar"}
2021-12-13T15:41:45.681+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/thymeleaf-spring5-3.0.11.RELEASE.jar"}
2021-12-13T15:41:45.687+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/tika-core-1.23.jar"}
2021-12-13T15:41:45.693+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/tomcat-jdbc-9.0.1.jar"}
2021-12-13T15:41:45.698+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/tomcat-juli-9.0.1.jar"}
2021-12-13T15:41:45.761+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/truffle-api-21.3.0.jar"}
2021-12-13T15:41:45.779+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/twitter4j-core-4.0.4.jar"}
2021-12-13T15:41:45.782+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/txw2-2.3.3.jar"}
2021-12-13T15:41:45.787+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/type-parser-0.5.0.jar"}
2021-12-13T15:41:45.791+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/typetools-0.4.4.jar"}
2021-12-13T15:41:45.796+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/unbescape-1.1.6.RELEASE.jar"}
2021-12-13T15:41:45.934+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-client-8.13.0.jar"}
2021-12-13T15:41:45.948+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-compatibility-client-8.13.0.jar"}
2021-12-13T15:41:45.955+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-compatibility-server-8.13.0.jar"}
2021-12-13T15:41:45.959+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-compatibility-shared-8.13.0.jar"}
2021-12-13T15:41:45.970+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-compatibility-themes-8.13.0.jar"}
2021-12-13T15:41:45.973+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-push-8.13.0.jar"}
2021-12-13T15:41:45.979+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-sass-compiler-0.9.13.jar"}
2021-12-13T15:41:45.994+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-server-8.13.0.jar"}
2021-12-13T15:41:46.000+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-shared-8.13.0.jar"}
2021-12-13T15:41:46.004+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-slf4j-jdk14-1.6.1.jar"}
2021-12-13T15:41:46.039+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin-themes-8.13.0.jar"}
2021-12-13T15:41:46.050+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.theme-9.6.0.jar"}
2021-12-13T15:41:46.057+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.theme.base-9.6.0.jar"}
2021-12-13T15:41:46.066+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.theme.vam-0.9.0.jar"}
2021-12-13T15:41:46.093+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.widget-9.6.0.jar"}
2021-12-13T15:41:46.116+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.widget.base-9.6.0.jar"}
2021-12-13T15:41:46.121+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.widget.common-9.6.0.jar"}
2021-12-13T15:41:46.127+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vaadin.widget.htmleditor-9.6.0.jar"}
2021-12-13T15:41:46.132+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/validation-9.6.0.jar"}
2021-12-13T15:41:46.135+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/validation-api-1.0.0.GA-sources.jar"}
2021-12-13T15:41:46.138+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/validation.api-9.6.0.jar"}
2021-12-13T15:41:46.140+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vam.shared.assembly.descriptors-0.9.0.jar"}
2021-12-13T15:41:46.146+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/velocity-1.7.jar"}
2021-12-13T15:41:46.150+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/velocity-tools-view-1.4.jar"}
2021-12-13T15:41:46.153+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/vt-password-3.1.2-1.jar"}
2021-12-13T15:41:46.157+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/waffle-jna-1.9.1.jar"}
2021-12-13T15:41:46.159+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/web.contribution-9.6.0.jar"}
2021-12-13T15:41:46.162+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/webapi.content-9.6.0.jar"}
2021-12-13T15:41:46.166+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/webapi.rest-9.6.0.jar"}
2021-12-13T15:41:46.171+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.app.runtime-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.174+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.backend.connector-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.176+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.renderer-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.180+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.common-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.183+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.common.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.185+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.management.connector-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.188+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.management.connector.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.191+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.messagebroker.operations.usermanagement-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.194+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.profile-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.196+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.profile.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.199+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.sharedobjectmanagement-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.202+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.sharedobjectmanagement.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.205+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.user-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.207+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.user.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.210+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.usermanagement-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.213+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.usermanagement.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.216+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.util-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.219+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.wespace-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.222+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.wespace.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.226+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.wespacemanagement-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.229+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.server.wespacemanagement.api-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.233+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/weshare.widget-2.6.0-SNAPSHOT.jar"}
2021-12-13T15:41:46.258+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/woodstox-core-5.1.0.jar"}
2021-12-13T15:41:46.263+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/wss4j-ws-security-common-2.2.0.jar"}
2021-12-13T15:41:46.270+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/wss4j-ws-security-dom-2.2.0.jar"}
2021-12-13T15:41:46.273+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/xml-apis-ext-1.3.04.jar"}
2021-12-13T15:41:46.288+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/xmlbeans-4.0.0.jar"}
2021-12-13T15:41:46.299+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/xmlgraphics-commons-2.2.jar"}
2021-12-13T15:41:46.304+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/XmlSchema-1.3.2.jar"}
2021-12-13T15:41:46.309+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/xom-1.2.10.jar"}
2021-12-13T15:41:46.324+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/xws-security-3.0.jar"}
2021-12-13T15:41:46.335+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/yuicompressor-2.4.8.jar"}
2021-12-13T15:41:46.584+0100    DEBUG  Parsing Java artifacts...   {"file": "WEB-INF/lib/zjsonpatch-0.4.11.jar"}
2021-12-13T15:41:46.698+0100    DEBUG  No such POM in the central repositories {"file": "vt-password-3.1.2-1.jar"}
2021-12-13T15:41:46.894+0100    DEBUG  OS is not detected and vulnerabilities in OS packages are not detected.
2021-12-13T15:41:46.894+0100    DEBUG  Detected OS: unknown
2021-12-13T15:41:46.894+0100    INFO   Number of language-specific files: 1
2021-12-13T15:41:46.895+0100    INFO   Detecting jar vulnerabilities...
2021-12-13T15:41:46.895+0100    DEBUG  Detecting library vulnerabilities, type: jar, path: 
Java (jar)
==========
Total: 73 (UNKNOWN: 0, LOW: 2, MEDIUM: 13, HIGH: 35, CRITICAL: 23)
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
|                      LIBRARY                      |  VULNERABILITY ID   | SEVERITY | INSTALLED VERSION |         FIXED VERSION          |                                      TITLE                                      |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| com.fasterxml.jackson.core:jackson-databind       | CVE-2017-15095      | CRITICAL | 2.3.3             | 2.7.9.2, 2.8.10, 2.9.1         | jackson-databind: Unsafe                                                        |
|                                                   |                     |          |                   |                                | deserialization due to                                                          |
|                                                   |                     |          |                   |                                | incomplete black list (incomplete                                               |
|                                                   |                     |          |                   |                                | fix for CVE-2017-7525)...                                                       |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2017-15095                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2017-17485      |          |                   | 2.8.11, 2.9.4                  | jackson-databind: Unsafe                                                        |
|                                                   |                     |          |                   |                                | deserialization due to                                                          |
|                                                   |                     |          |                   |                                | incomplete black list (incomplete                                               |
|                                                   |                     |          |                   |                                | fix for CVE-2017-15095)...                                                      |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2017-17485                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2017-7525       |          |                   | 2.7.9.1, 2.6.7.1, 2.8.9        | jackson-databind: Deserialization                                               |
|                                                   |                     |          |                   |                                | vulnerability via readValue                                                     |
|                                                   |                     |          |                   |                                | method of ObjectMapper                                                          |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2017-7525                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-11307      |          |                   | 2.7.9.4, 2.8.11.2, 2.9.6       | jackson-databind: Potential                                                     |
|                                                   |                     |          |                   |                                | information exfiltration with                                                   |
|                                                   |                     |          |                   |                                | default typing, serialization                                                   |
|                                                   |                     |          |                   |                                | gadget from MyBatis                                                             |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-11307                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-14718      |          |                   | 2.6.7.2, 2.9.7                 | jackson-databind: arbitrary code                                                |
|                                                   |                     |          |                   |                                | execution in slf4j-ext class                                                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-14718                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-14719      |          |                   | 2.7.9.5, 2.8.11.3, 2.9.7       | jackson-databind: arbitrary                                                     |
|                                                   |                     |          |                   |                                | code execution in blaze-ds-opt                                                  |
|                                                   |                     |          |                   |                                | and blaze-ds-core classes                                                       |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-14719                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-7489       |          |                   | 2.7.9.3, 2.8.11.1, 2.9.5       | jackson-databind: incomplete fix                                                |
|                                                   |                     |          |                   |                                | for CVE-2017-7525 permits unsafe                                                |
|                                                   |                     |          |                   |                                | serialization via c3p0 libraries                                                |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-7489                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-14379      |          |                   | 2.9.9.2                        | jackson-databind: default                                                       |
|                                                   |                     |          |                   |                                | typing mishandling leading                                                      |
|                                                   |                     |          |                   |                                | to remote code execution                                                        |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-14379                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-14540      |          |                   | 2.9.10                         | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | com.zaxxer.hikari.HikariConfig                                                  |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-14540                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-14892      |          |                   | 2.9.10, 2.8.11.5, 2.6.7.3      | jackson-databind: Serialization                                                 |
|                                                   |                     |          |                   |                                | gadgets in classes of the                                                       |
|                                                   |                     |          |                   |                                | commons-configuration package                                                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-14892                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-14893      |          |                   | 2.8.11.5, 2.9.10               | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | classes of the xalan package                                                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-14893                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-16335      |          |                   | 2.9.10                         | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | com.zaxxer.hikari.HikariDataSource                                              |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-16335                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-16942      |          |                   | 2.9.10.1                       | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | org.apache.commons.dbcp.datasources.*                                           |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-16942                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2019-16943      |          |                   |                                | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | com.p6spy.engine.spy.P6DataSource                                               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-16943                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-17267      |          |                   | 2.9.10                         | jackson-databind: Serialization                                                 |
|                                                   |                     |          |                   |                                | gadgets in classes of                                                           |
|                                                   |                     |          |                   |                                | the ehcache package                                                             |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-17267                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-17531      |          |                   | 2.9.10.1                       | jackson-databind:                                                               |
|                                                   |                     |          |                   |                                | Serialization gadgets in                                                        |
|                                                   |                     |          |                   |                                | org.apache.log4j.receivers.db.*                                                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-17531                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-20330      |          |                   | 2.9.10.2, 2.8.11.5             | jackson-databind: lacks                                                         |
|                                                   |                     |          |                   |                                | certain net.sf.ehcache blocking                                                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-20330                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-8840       |          |                   | 2.9.10.3, 2.8.11.5             | jackson-databind: Lacks certain                                                 |
|                                                   |                     |          |                   |                                | xbean-reflect/JNDI blocking                                                     |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-8840                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-9547       |          |                   | 2.9.10.4                       | jackson-databind: Serialization                                                 |
|                                                   |                     |          |                   |                                | gadgets in ibatis-sqlmap                                                        |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-9547                                            |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-9548       |          |                   |                                | jackson-databind: Serialization                                                 |
|                                                   |                     |          |                   |                                | gadgets in anteros-core                                                         |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-9548                                            |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-12022      | HIGH     |                   | 2.8.11.2, 2.7.9.4, 2.9.6       | jackson-databind: improper                                                      |
|                                                   |                     |          |                   |                                | polymorphic deserialization                                                     |
|                                                   |                     |          |                   |                                | of types from Jodd-db library                                                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-12022                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-5968       |          |                   | 2.7.9.5, 2.8.11.1, 2.9.4       | jackson-databind: unsafe                                                        |
|                                                   |                     |          |                   |                                | deserialization due to incomplete                                               |
|                                                   |                     |          |                   |                                | blacklist (incomplete fix                                                       |
|                                                   |                     |          |                   |                                | for CVE-2017-7525 and...                                                        |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-5968                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-12086      |          |                   | 2.9.9                          | jackson-databind: polymorphic                                                   |
|                                                   |                     |          |                   |                                | typing issue allows attacker to                                                 |
|                                                   |                     |          |                   |                                | read arbitrary local files on...                                                |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-12086                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-14439      |          |                   | 2.9.9.2                        | jackson-databind: Polymorphic                                                   |
|                                                   |                     |          |                   |                                | typing issue related to logback/JNDI                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-14439                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-10673      |          |                   | 2.9.10.4                       | jackson-databind: mishandles                                                    |
|                                                   |                     |          |                   |                                | the interaction between                                                         |
|                                                   |                     |          |                   |                                | serialization gadgets and                                                       |
|                                                   |                     |          |                   |                                | typing which could result...                                                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-10673                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-24616      |          |                   | 2.9.10.6                       | jackson-databind: mishandles the                                                |
|                                                   |                     |          |                   |                                | interaction between serialization                                               |
|                                                   |                     |          |                   |                                | gadgets and typing, related to                                                  |
|                                                   |                     |          |                   |                                | br.com.anteros.dbcp.AnterosDBCPDataSource...                                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-24616                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-24750      |          |                   |                                | jackson-databind: Serialization gadgets in                                      |
|                                                   |                     |          |                   |                                | com.pastdev.httpcomponents.configuration.JndiConfiguration                      |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-24750                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-25649      |          |                   | 2.10.5.1, 2.9.10.7, 2.6.7.4    | jackson-databind: FasterXML                                                     |
|                                                   |                     |          |                   |                                | DOMDeserializer insecure                                                        |
|                                                   |                     |          |                   |                                | entity expansion is vulnerable                                                  |
|                                                   |                     |          |                   |                                | to XML external entity...                                                       |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-25649                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-35490      |          |                   | 2.9.10.8                       | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-35490                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-35491      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.commons.dbcp2.datasources.SharedPoolDataSource...                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-35491                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36179      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS...                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36179                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36180      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...                       |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36180                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36181      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS...                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36181                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36182      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36182                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36183      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...                       |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36183                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36184      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource...               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36184                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36185      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...                |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36185                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36186      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...                |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36186                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36187      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36187                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36188      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...          |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36188                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-36189      |          |                   |                                | jackson-databind: mishandles the interaction                                    |
|                                                   |                     |          |                   |                                | between serialization gadgets and typing, related to                            |
|                                                   |                     |          |                   |                                | com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource... |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36189                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-20190      |          |                   | 2.9.10.7                       | jackson-databind: mishandles                                                    |
|                                                   |                     |          |                   |                                | the interaction between                                                         |
|                                                   |                     |          |                   |                                | serialization gadgets and                                                       |
|                                                   |                     |          |                   |                                | typing, related to javax.swing...                                               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-20190                                           |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2018-1000873    | MEDIUM   |                   | 2.9.8                          | jackson-modules-java8: DoS due                                                  |
|                                                   |                     |          |                   |                                | to an Improper Input Validation                                                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-1000873                                         |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-12384      |          |                   | 2.9.9.1                        | jackson-databind: failure                                                       |
|                                                   |                     |          |                   |                                | to block the logback-core                                                       |
|                                                   |                     |          |                   |                                | class from polymorphic                                                          |
|                                                   |                     |          |                   |                                | deserialization leading to...                                                   |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-12384                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2019-12814      |          |                   |                                | jackson-databind: polymorphic                                                   |
|                                                   |                     |          |                   |                                | typing issue allows attacker to                                                 |
|                                                   |                     |          |                   |                                | read arbitrary local files on...                                                |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-12814                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| com.google.guava:guava                            | CVE-2020-8908       | LOW      | 26.0-jre          |                           30.0 | guava: local information                                                        |
|                                                   |                     |          |                   |                                | disclosure via temporary directory                                              |
|                                                   |                     |          |                   |                                | created with unsafe permissions                                                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-8908                                            |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| com.vaadin:vaadin-server                          | CVE-2021-33609      | MEDIUM   | 8.13.0            | 8.14.1                         | Denial of service in                                                            |
|                                                   |                     |          |                   |                                | DataCommunicator class in Vaadin 8                                              |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-33609                                           |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | GHSA-j23j-q57m-63v3 |          |                   |                                | Denial of service in                                                            |
|                                                   |                     |          |                   |                                | DataCommunicator class in Vaadin 8                                              |
|                                                   |                     |          |                   |                                | -->github.com/advisories/GHSA-j23j-q57m-63v3                                    |
+---------------------------------------------------+---------------------+          +-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.apache.tika:tika-core                         | CVE-2020-1950       |          |              1.23 |                           1.24 | tika: excessive memory                                                          |
|                                                   |                     |          |                   |                                | usage in PSDParser                                                              |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-1950                                            |
+                                                   +---------------------+          +                   +                                +---------------------------------------------------------------------------------+
|                                                   | CVE-2020-1951       |          |                   |                                | Infinite Loop in Apache Tika                                                    |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-1951                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-28657      |          |                   |                           1.26 | tika-parsers: Infinite                                                          |
|                                                   |                     |          |                   |                                | loop in MP3Parser                                                               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-28657                                           |
+---------------------------------------------------+---------------------+          +-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.bouncycastle:bcprov-jdk15on                   | CVE-2020-15522      |          |              1.61 |                           1.66 | bouncycastle: Timing issue                                                      |
|                                                   |                     |          |                   |                                | within the EC math library                                                      |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-15522                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.cryptacular:cryptacular                       | CVE-2020-7226       | HIGH     | 1.1.1             | 1.1.4, 1.2.4                   | cryptacular: excessive memory                                                   |
|                                                   |                     |          |                   |                                | allocation during a decode operation                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-7226                                            |
+---------------------------------------------------+---------------------+          +-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.eclipse.jetty:jetty-http                      | CVE-2020-27216      |          | 8.1.15.v20140411  | 9.3.29.v20201019,              | jetty: local temporary directory                                                |
|                                                   |                     |          |                   | 9.4.32.v20200930, 11.0.1       | hijacking vulnerability                                                         |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-27216                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-28165      |          |                   | 9.4.39.v20210325, 10.0.2,      | jetty: Resource exhaustion when                                                 |
|                                                   |                     |          |                   | 11.0.2                         | receiving an invalid large TLS frame                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-28165                                           |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-10247      | MEDIUM   |                   | 9.2.28.v20190418,              | jetty: error path                                                               |
|                                                   |                     |          |                   | 9.3.27.v20190418,              | information disclosure                                                          |
|                                                   |                     |          |                   | 9.4.17.v20190418               | -->avd.aquasec.com/nvd/cve-2019-10247                                           |
+---------------------------------------------------+---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
| org.eclipse.jetty:jetty-io                        | CVE-2021-28165      | HIGH     |                   | 9.4.39.v20210325, 10.0.2,      | jetty: Resource exhaustion when                                                 |
|                                                   |                     |          |                   | 11.0.2                         | receiving an invalid large TLS frame                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-28165                                           |
+---------------------------------------------------+---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
| org.eclipse.jetty:jetty-server                    | CVE-2017-7657       | CRITICAL |                   | 9.3.24.v20180605,              | jetty: HTTP request smuggling                                                   |
|                                                   |                     |          |                   | 9.2.25.v20180606               | -->avd.aquasec.com/nvd/cve-2017-7657                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2017-7658       |          |                   | 9.2.26.v20180806,              | jetty: Incorrect header handling                                                |
|                                                   |                     |          |                   | 9.3.24.v20180605,              | -->avd.aquasec.com/nvd/cve-2017-7658                                            |
|                                                   |                     |          |                   | 9.4.11.v20180605               |                                                                                 |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2015-2080       | HIGH     |                   | 9.2.9.v20150224                | jetty: remote unauthenticated                                                   |
|                                                   |                     |          |                   |                                | credential exposure                                                             |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2015-2080                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2017-7656       |          |                   | 9.2.26.v20180806,              | jetty: HTTP request smuggling                                                   |
|                                                   |                     |          |                   | 9.3.24.v20180605,              | using the range header                                                          |
|                                                   |                     |          |                   | 9.4.11.v20180605               | -->avd.aquasec.com/nvd/cve-2017-7656                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-27216      |          |                   | 9.3.29.v20201019,              | jetty: local temporary directory                                                |
|                                                   |                     |          |                   | 9.4.32.v20200930, 11.0.1       | hijacking vulnerability                                                         |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-27216                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-28165      |          |                   | 9.4.39.v20210325, 10.0.2,      | jetty: Resource exhaustion when                                                 |
|                                                   |                     |          |                   | 11.0.2                         | receiving an invalid large TLS frame                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-28165                                           |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-10241      | MEDIUM   |                   | 9.4.16.v20190411,              | jetty: using specially formatted                                                |
|                                                   |                     |          |                   | 9.3.26.v20190403,              | URL against DefaultServlet or                                                   |
|                                                   |                     |          |                   | 9.2.27.v20190403               | ResourceHandler leads to XSS...                                                 |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-10241                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2019-10247      |          |                   | 9.2.28.v20190418,              | jetty: error path                                                               |
|                                                   |                     |          |                   | 9.3.27.v20190418,              | information disclosure                                                          |
|                                                   |                     |          |                   | 9.4.17.v20190418               | -->avd.aquasec.com/nvd/cve-2019-10247                                           |
+                                                   +---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-34428      | LOW      |                   | 9.4.40.v20210413, 10.0.3,      | jetty: SessionListener can                                                      |
|                                                   |                     |          |                   | 11.0.3                         | prevent a session from being                                                    |
|                                                   |                     |          |                   |                                | invalidated breaking logout                                                     |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-34428                                           |
+---------------------------------------------------+---------------------+----------+                   +--------------------------------+---------------------------------------------------------------------------------+
| org.eclipse.jetty:jetty-util                      | CVE-2017-9735       | HIGH     |                   | 9.4.6.v20170531                | jetty: Timing channel attack                                                    |
|                                                   |                     |          |                   |                                | in util/security/Password.java                                                  |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2017-9735                                            |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2020-27216      |          |                   | 9.3.29.v20201019,              | jetty: local temporary directory                                                |
|                                                   |                     |          |                   | 9.4.32.v20200930, 11.0.1       | hijacking vulnerability                                                         |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-27216                                           |
+                                                   +---------------------+          +                   +--------------------------------+---------------------------------------------------------------------------------+
|                                                   | CVE-2021-28165      |          |                   | 9.4.39.v20210325, 10.0.2,      | jetty: Resource exhaustion when                                                 |
|                                                   |                     |          |                   | 11.0.2                         | receiving an invalid large TLS frame                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-28165                                           |
+---------------------------------------------------+---------------------+          +-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.jdom:jdom2                                    | CVE-2021-33813      |          | 2.0.6             |                                | jdom: XXE allows attackers to                                                   |
|                                                   |                     |          |                   |                                | cause a DoS via a crafted HTTP...                                               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-33813                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.springframework.amqp:spring-amqp              | CVE-2021-22097      | MEDIUM   | 2.3.7             | 2.2.19.RELEASE, 2.3.11         | Deserialization of Untrusted Data                                               |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22097                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.springframework.security:spring-security-core | CVE-2021-22119      | HIGH     | 5.5.0             | 5.2.11.RELEASE,                | spring-security: Denial-of-Service                                              |
|                                                   |                     |          |                   | 5.3.10.RELEASE, 5.4.7, 5.5.1   | (DoS) attack via initiation                                                     |
|                                                   |                     |          |                   |                                | of Authorization Request                                                        |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22119                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
| org.thymeleaf:thymeleaf-spring5                   | CVE-2021-43466      | CRITICAL | 3.0.11.RELEASE    |                                | Template injection                                                              |
|                                                   |                     |          |                   |                                | in thymeleaf-spring5                                                            |
|                                                   |                     |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-43466                                           |
+---------------------------------------------------+---------------------+----------+-------------------+--------------------------------+---------------------------------------------------------------------------------+
MartinKirchner commented 2 years ago

I could strip the example down to a single library: ehcache-2.10.1.jar.

I put this in a folder, ran trivy -d fs . and got the CVEs on com.fasterxml.jackson.core:jackson-databind as well as the jetty libs.

Maven coordinates:

<groupId>net.sf.ehcache</groupId>
<version>2.10.1</version>
<artifactId>ehcache</artifactId>
MartinKirchner commented 2 years ago

I now unzipped the JAR and searched for the offending names:

/tmp/WEB-INF/lib/ehcache-2.10.1$ find -name *jetty*
./rest-management-private-classpath/jetty-dir.css
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet
./rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util
./rest-management-private-classpath/org/eclipse/jetty

/tmp/WEB-INF/lib/ehcache-2.10.1$ find -name *jackson*
./rest-management-private-classpath/com/fasterxml/jackson
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module
./rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations
./rest-management-private-classpath/META-INF/services/com.fasterxml.jackson.core.JsonFactory
./rest-management-private-classpath/META-INF/services/com.fasterxml.jackson.core.ObjectCodec
./rest-management-private-classpath/META-INF/services/com.fasterxml.jackson.databind.Module

So it seems that ehcache sort of repackages the offending libraries. I cannot say yet from which version the repackaged class files are.

So as an intermediate request to trivy I'd like to propose to print out the path to the offending library.
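
The open question in the comment above (which versions are repackaged inside the JAR) can usually be answered from the `pom.properties` files that Maven writes under `META-INF/maven/<group>/<artifact>/`. The following is an added example, not part of the original post and not Trivy's code; it assumes the bundled directories still contain those files, and the sample JAR and its `0.0.0-constructed` versions are constructed for illustration.

```python
import io
import zipfile


def parse_pom_properties(text):
    """Parse the key=value lines of a Maven pom.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def embedded_coordinates(jar_file):
    """Return sorted (groupId, artifactId, version, entry) tuples for every
    META-INF/maven/<group>/<artifact>/pom.properties at any depth in the JAR."""
    found = []
    with zipfile.ZipFile(jar_file) as jar:
        for entry in jar.namelist():
            parts = entry.split("/")
            if parts[-1] != "pom.properties" or parts[-5:-3] != ["META-INF", "maven"]:
                continue
            props = parse_pom_properties(jar.read(entry).decode("utf-8", "replace"))
            found.append((
                props.get("groupId", parts[-3]),      # fall back to directory names
                props.get("artifactId", parts[-2]),
                props.get("version", "unknown"),
                entry,
            ))
    return sorted(found)


def build_sample_jar():
    """Constructed stand-in for a bundling JAR; bundled versions are placeholders."""
    prefix = "rest-management-private-classpath/META-INF/maven/"
    entries = {
        "META-INF/maven/net.sf.ehcache/ehcache/pom.properties":
            "#Generated by Maven\ngroupId=net.sf.ehcache\nartifactId=ehcache\nversion=2.10.1\n",
        prefix + "org.eclipse.jetty/jetty-server/pom.properties":
            "groupId=org.eclipse.jetty\nartifactId=jetty-server\nversion=0.0.0-constructed\n",
        prefix + "com.fasterxml.jackson.core/jackson-databind/pom.properties":
            "groupId=com.fasterxml.jackson.core\nartifactId=jackson-databind\n"
            "version=0.0.0-constructed\n",
        "rest-management-private-classpath/jetty-dir.css": "",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in entries.items():
            jar.writestr(name, body)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for group, artifact, version, entry in embedded_coordinates(build_sample_jar()):
        print(f"{group}:{artifact}:{version}  <- {entry}")
```

`embedded_coordinates` also accepts a file path, so it can be pointed directly at a real JAR.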

afdesk commented 2 years ago

I'd like to propose to print out the path to the offending library.

sorry for waiting. we're working on it right now.

afdesk commented 2 years ago

@MartinKirchner now trivy json format prints data with PkgPath.

Note: JAR detection was disabled in fs/repo scanning.

It works for me:

trivy -d rootfs -f json -o r.json --offline-scan .

I've tested this option in trivy v0.22.0.
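
A way to use the `PkgPath` field from the JSON report for triage, as an added example that is not part of the original comment or of Trivy itself: it groups findings by the file they were detected in and flags packages whose artifactId does not match the JAR file name, which is what a library bundled inside another JAR looks like. The report below is constructed and trimmed to the fields used; the paths are assumptions, and the file-name comparison is a heuristic.

```python
from collections import defaultdict

# Constructed report, reduced to the fields this example reads.
SAMPLE_REPORT = {
    "Results": [{
        "Target": "Java",
        "Type": "jar",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2017-7657",
             "PkgName": "org.eclipse.jetty:jetty-server",
             "PkgPath": "WEB-INF/lib/ehcache-2.10.1.jar"},
            {"VulnerabilityID": "CVE-2018-14721",
             "PkgName": "com.fasterxml.jackson.core:jackson-databind",
             "PkgPath": "WEB-INF/lib/ehcache-2.10.1.jar"},
            {"VulnerabilityID": "CVE-2020-25649",
             "PkgName": "com.fasterxml.jackson.core:jackson-databind",
             "PkgPath": "WEB-INF/lib/jackson-databind-2.10.3.jar"},
        ],
    }]
}


def findings_by_path(report):
    """Group vulnerabilities by PkgPath, falling back to the result Target."""
    grouped = defaultdict(list)
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            path = vuln.get("PkgPath") or result.get("Target", "unknown")
            grouped[path].append(vuln)
    return grouped


def is_bundled(pkg_name, pkg_path):
    """Heuristic: the JAR file name does not start with '<artifactId>-',
    so the package was found inside some other artifact's JAR."""
    artifact = pkg_name.rsplit(":", 1)[-1]
    filename = pkg_path.rsplit("/", 1)[-1]
    return not filename.startswith(artifact + "-")


def triage(report):
    """Return (path, package, CVE, bundled?) rows sorted by path."""
    rows = []
    for path, vulns in sorted(findings_by_path(report).items()):
        for v in vulns:
            rows.append((path, v["PkgName"], v["VulnerabilityID"],
                         is_bundled(v["PkgName"], path)))
    return rows


if __name__ == "__main__":
    for path, pkg, cve, bundled in triage(SAMPLE_REPORT):
        origin = "bundled in another JAR" if bundled else "standalone JAR"
        print(f"{path}: {pkg} {cve} ({origin})")
```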

MartinKirchner commented 2 years ago

@afdesk That is great! I updated and tried it out. Thanks a lot! I wish you all the best in 2022.

afdesk commented 2 years ago

@MartinKirchner thanks a lot! all the best to you too!!

can we close this issue again?

MartinKirchner commented 2 years ago

@afdesk In my opinion you can close the issue. However, it was originally from @jvitrifork and I have no idea if his problem is solved.

jvitrifork commented 2 years ago

works for me ;)

avenegasm commented 2 years ago

Thank you very much, master, you're a machine!!!!!!!!!

@MartinKirchner now trivy json format prints data with PkgPath.

Note: JAR detection was disabled in fs/repo scanning.

It works for me:

trivy -d rootfs -f json -o r.json --offline-scan .

I've tested this option in trivy v0.22.0.