Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| MEDIUM | CVE-2025-11226 | ch.qos.logback:logback-core | 1.5.18 | 1.5.19, 1.3.16 | ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core |
| MEDIUM | CVE-2025-58057 | io.netty:netty-codec | 4.1.119.Final | 4.1.125.Final | netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style |
| MEDIUM | CVE-2025-67735 | io.netty:netty-codec-http | 4.1.119.Final | 4.2.8.Final, 4.1.129.Final | netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection |
| HIGH | CVE-2025-55163 | io.netty:netty-codec-http2 | 4.1.119.Final | 4.2.4.Final, 4.1.124.Final | netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability |
| MEDIUM | CVE-2025-22227 | io.projectreactor.netty:reactor-netty-http | 1.1.29 | 1.3.0-M5, 1.2.8 | io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects |
| HIGH | CVE-2025-48988 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.8, 10.1.42, 9.0.106 | tomcat: Apache Tomcat DoS in multipart upload |
| HIGH | CVE-2025-48989 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.10, 10.1.44, 9.0.108 | tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames |
| HIGH | CVE-2025-55752 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.11, 10.1.45, 9.0.109 | tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possi |
| MEDIUM | CVE-2025-49124 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.8, 10.1.42, 9.0.106 | Apache Tomcat installer for Windows has an untrusted search path vulnerability |
| MEDIUM | CVE-2025-49125 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.8, 10.1.42, 9.0.106 | tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources |
| MEDIUM | CVE-2025-66614 | org.apache.tomcat.embed:tomcat-embed-core | 10.1.40 | 11.0.14, 10.1.49, 9.0.112 | tomcat: Client certificate verification bypass due to virtual host mapping |
| HIGH | CVE-2024-10039 | org.keycloak:keycloak-core | 25.0.6 | 26.0.6 | keycloak-core: mTLS passthrough |
| HIGH | CVE-2025-41249 | org.springframework:spring-core | 6.1.19 | 6.2.11 | org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability |
| MEDIUM | CVE-2025-41234 | org.springframework:spring-web | 6.1.19 | 6.2.8, 6.1.21 | springframework: Reflected download attack in Spring Framework with non-ASCII headers |
| MEDIUM | CVE-2025-41242 | org.springframework:spring-webmvc | 6.1.19 | 6.2.10 | org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability |
| MEDIUM | CVE-2025-41254 | org.springframework:spring-websocket | 6.1.19 | 6.2.12 | org.springframework/spring-core: Spring Framework STOMP CSRF Vulnerability |
| Type | File | Line | Match |
|---|---|---|---|
| AWS | .env | 16 | # S3_ACCESS_ID=********************... |
| AWS | security-reports/gitleaks-report.json | 93 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 94 | "Secret": "********************",... |
| AWS | security-reports/gitleaks-report.json | 198 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 199 | "Secret": "********************",... |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c7a91-0581-7f0d-bb9e-0fe2f02c2c1a",
"CreatedAt": "2026-02-20T10:20:50.433990215Z",
"ArtifactID": "sha256:3848506e592359653276f6219607d00577b200b65d533bf9a64b386587335ae6",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/ha-process-engine.git",
"Branch": "feature/dev-1",
"Commit": "dfa20e69af48c91bddc2b987abc06901de1dc964",
"CommitMsg": "Add .env file for environment variables, update dependencies in pom.xml, and create run-ldev.sh script for application startup",
"Author": "eizen <eizen@eizens-MacBook-Pro-2.local>",
"Committer": "eizen <eizen@eizens-MacBook-Pro-2.local>"
},
"Results": [
{
"Target": "pom.xml",
"Class": "lang-pkgs",
"Type": "pom",
"Packages": [
{
"ID": "com.eizen:agent.workflow.engine:0.0.1-SNAPSHOT::3bd0ba40",
"Name": "com.eizen:agent.workflow.engine",
"Identifier": {
"PURL": "pkg:maven/com.eizen/agent.workflow.engine@0.0.1-SNAPSHOT",
"UID": "24d9c77bfa01b928"
},
"Version": "0.0.1-SNAPSHOT",
"Licenses": [
"Apache-2.0"
],
"Relationship": "root",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0::69d8c960",
"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.3::2384875f",
"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0::edac1c1f",
"com.fasterxml.jackson.module:jackson-module-kotlin:2.17.3::ec5876cf",
"com.mysql:mysql-connector-j:9.0.0::8db54cc6",
"com.sun.mail:jakarta.mail:2.0.1::bdeac114",
"org.apache.groovy:groovy:4.0.23::c2c30958",
"org.apache.tika:tika-core:3.2.3::725ee343",
"org.codenarc:CodeNarc:3.5.0-groovy-4.0::5cb4bbde",
"org.flywaydb:flyway-core:10.17.1::c54a988b",
"org.flywaydb:flyway-mysql:10.10.0::c8ba5bb5",
"org.jetbrains.kotlin:kotlin-reflect:1.9.24::71f6de91",
"org.jetbrains.kotlin:kotlin-stdlib:1.9.24::71cb25f7",
"org.json:json:20250107::ecdc7515",
"org.jsoup:jsoup:1.19.1::32211f80",
"org.keycloak:keycloak-admin-client:25.0.6::ea8a4847",
"org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0::77312fe7",
"org.springframework.boot:spring-boot-starter-cache:3.3.11::17f4811f",
"org.springframework.boot:spring-boot-starter-data-jdbc:3.3.11::c455dcaf",
"org.springframework.boot:spring-boot-starter-data-jpa:3.3.11::7bb2284e",
"org.springframework.boot:spring-boot-starter-data-redis:3.3.11::6248a5f4",
"org.springframework.boot:spring-boot-starter-mail:3.3.11::1eea30ff",
"org.springframework.boot:spring-boot-starter-web:3.3.11::93d5b94e",
"org.springframework.boot:spring-boot-starter-webflux:3.3.11::23f358cc",
"org.springframework.boot:spring-boot-starter-websocket:3.3.11::24c306a6"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"Name": "com.fasterxml.jackson.core:jackson-annotations",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.18.0",
"UID": "e7ed6f7b23262fb9"
},
"Version": "2.18.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 183,
"EndLine": 187
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"Name": "com.fasterxml.jackson.core:jackson-core",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.0",
"UID": "5759a2ef090f2f96"
},
"Version": "2.18.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 178,
"EndLine": 182
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"Name": "com.fasterxml.jackson.core:jackson-databind",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.0",
"UID": "875e1444189d0276"
},
"Version": "2.18.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6"
],
"Locations": [
{
"StartLine": 81,
"EndLine": 85
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0::69d8c960",
"Name": "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.19.0",
"UID": "7fad5cb56b17b335"
},
"Version": "2.19.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"org.yaml:snakeyaml:2.2::924ed0fa"
],
"Locations": [
{
"StartLine": 193,
"EndLine": 197
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.3::2384875f",
"Name": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.17.3",
"UID": "330ff0885f584d25"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767"
],
"Locations": [
{
"StartLine": 154,
"EndLine": 157
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0::edac1c1f",
"Name": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.18.0",
"UID": "73c8bbfc8b6656d5"
},
"Version": "2.18.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767"
],
"Locations": [
{
"StartLine": 173,
"EndLine": 177
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.module:jackson-module-kotlin:2.17.3::ec5876cf",
"Name": "com.fasterxml.jackson.module:jackson-module-kotlin",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.module/jackson-module-kotlin@2.17.3",
"UID": "3558ccc334359447"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"org.jetbrains.kotlin:kotlin-reflect:1.9.24::71f6de91"
],
"Locations": [
{
"StartLine": 77,
"EndLine": 80
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.mysql:mysql-connector-j:9.0.0::8db54cc6",
"Name": "com.mysql:mysql-connector-j",
"Identifier": {
"PURL": "pkg:maven/com.mysql/mysql-connector-j@9.0.0",
"UID": "4f7e2a97c3783fab"
},
"Version": "9.0.0",
"Licenses": [
"The GNU General Public License, v2 with Universal FOSS Exception, v1.0"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 110,
"EndLine": 114
}
],
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.mail:jakarta.mail:2.0.1::bdeac114",
"Name": "com.sun.mail:jakarta.mail",
"Identifier": {
"PURL": "pkg:maven/com.sun.mail/jakarta.mail@2.0.1",
"UID": "9d509cac96dec8d7"
},
"Version": "2.0.1",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception",
"BSD-3-Clause"
],
"Relationship": "direct",
"DependsOn": [
"com.sun.activation:jakarta.activation:2.0.1::44773cf8"
],
"Locations": [
{
"StartLine": 86,
"EndLine": 90
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy:4.0.23::c2c30958",
"Name": "org.apache.groovy:groovy",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy@4.0.23",
"UID": "aa0a98bcc609f8ae"
},
"Version": "4.0.23",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 163,
"EndLine": 167
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.tika:tika-core:3.2.3::725ee343",
"Name": "org.apache.tika:tika-core",
"Identifier": {
"PURL": "pkg:maven/org.apache.tika/tika-core@3.2.3",
"UID": "1cd8861604ebd01"
},
"Version": "3.2.3",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"commons-io:commons-io:2.20.0::7ecb520a",
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"Locations": [
{
"StartLine": 168,
"EndLine": 172
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.codenarc:CodeNarc:3.5.0-groovy-4.0::5cb4bbde",
"Name": "org.codenarc:CodeNarc",
"Identifier": {
"PURL": "pkg:maven/org.codenarc/CodeNarc@3.5.0-groovy-4.0",
"UID": "c58f54b0fea5d19"
},
"Version": "3.5.0-groovy-4.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.apache.groovy:groovy-ant:4.0.26::83f7cdfa",
"org.apache.groovy:groovy-groovydoc:4.0.26::9aacf4c3",
"org.apache.groovy:groovy-json:4.0.26::963fd7db",
"org.apache.groovy:groovy-templates:4.0.26::3c20ba2d",
"org.apache.groovy:groovy-xml:4.0.26::b462162e",
"org.apache.groovy:groovy:4.0.23::c2c30958",
"org.gmetrics:GMetrics-Groovy4:2.1.0::bdf1c574",
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"Locations": [
{
"StartLine": 158,
"EndLine": 162
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.flywaydb:flyway-core:10.17.1::c54a988b",
"Name": "org.flywaydb:flyway-core",
"Identifier": {
"PURL": "pkg:maven/org.flywaydb/flyway-core@10.17.1",
"UID": "d459f9716b122c5d"
},
"Version": "10.17.1",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.17.3::921d6cd8",
"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0::edac1c1f",
"com.google.code.gson:gson:2.10.1::e95a564a"
],
"Locations": [
{
"StartLine": 115,
"EndLine": 119
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.flywaydb:flyway-mysql:10.10.0::c8ba5bb5",
"Name": "org.flywaydb:flyway-mysql",
"Identifier": {
"PURL": "pkg:maven/org.flywaydb/flyway-mysql@10.10.0",
"UID": "1a244cd5988d0189"
},
"Version": "10.10.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.flywaydb:flyway-core:10.17.1::c54a988b"
],
"Locations": [
{
"StartLine": 120,
"EndLine": 123
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jetbrains.kotlin:kotlin-reflect:1.9.24::71f6de91",
"Name": "org.jetbrains.kotlin:kotlin-reflect",
"Identifier": {
"PURL": "pkg:maven/org.jetbrains.kotlin/kotlin-reflect@1.9.24",
"UID": "341b301818035963"
},
"Version": "1.9.24",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.jetbrains.kotlin:kotlin-stdlib:1.9.24::71cb25f7"
],
"Locations": [
{
"StartLine": 124,
"EndLine": 127
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jetbrains.kotlin:kotlin-stdlib:1.9.24::71cb25f7",
"Name": "org.jetbrains.kotlin:kotlin-stdlib",
"Identifier": {
"PURL": "pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.9.24",
"UID": "d9ebe6cb7f6c0c7f"
},
"Version": "1.9.24",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.jetbrains:annotations:13.0::d26ab00c"
],
"Locations": [
{
"StartLine": 128,
"EndLine": 131
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.json:json:20250107::ecdc7515",
"Name": "org.json:json",
"Identifier": {
"PURL": "pkg:maven/org.json/json@20250107",
"UID": "d022aae8b7ea2d8"
},
"Version": "20250107",
"Licenses": [
"Public Domain"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 100,
"EndLine": 104
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jsoup:jsoup:1.19.1::32211f80",
"Name": "org.jsoup:jsoup",
"Identifier": {
"PURL": "pkg:maven/org.jsoup/jsoup@1.19.1",
"UID": "241e33dd920d1f8a"
},
"Version": "1.19.1",
"Licenses": [
"MIT"
],
"Relationship": "direct",
"Locations": [
{
"StartLine": 105,
"EndLine": 109
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.keycloak:keycloak-admin-client:25.0.6::ea8a4847",
"Name": "org.keycloak:keycloak-admin-client",
"Identifier": {
"PURL": "pkg:maven/org.keycloak/keycloak-admin-client@25.0.6",
"UID": "91d9ca20c1c29cf"
},
"Version": "25.0.6",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.jboss.resteasy:resteasy-client:6.2.7.Final::60083a80",
"org.jboss.resteasy:resteasy-jackson2-provider:6.2.7.Final::cc16e549",
"org.jboss.resteasy:resteasy-jaxb-provider:6.2.7.Final::3fb278b2",
"org.jboss.resteasy:resteasy-multipart-provider:6.2.7.Final::340b3aac",
"org.keycloak:keycloak-common:25.0.6::c6e31eed",
"org.keycloak:keycloak-core:25.0.6::f1be11d0"
],
"Locations": [
{
"StartLine": 95,
"EndLine": 99
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0::77312fe7",
"Name": "org.springdoc:springdoc-openapi-starter-webmvc-ui",
"Identifier": {
"PURL": "pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.2.0",
"UID": "754756acd2ddf520"
},
"Version": "2.2.0",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springdoc:springdoc-openapi-starter-webmvc-api:2.2.0::3d452163",
"org.webjars:swagger-ui:5.2.0::7ae134a6"
],
"Locations": [
{
"StartLine": 68,
"EndLine": 72
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-cache:3.3.11::17f4811f",
"Name": "org.springframework.boot:spring-boot-starter-cache",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-cache@3.3.11",
"UID": "c5421c733b5a0a74"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-context-support:6.1.19::e5d8341b"
],
"Locations": [
{
"StartLine": 150,
"EndLine": 153
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-data-jdbc:3.3.11::c455dcaf",
"Name": "org.springframework.boot:spring-boot-starter-data-jdbc",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jdbc@3.3.11",
"UID": "af54c46c47e7c0ce"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springframework.boot:spring-boot-starter-jdbc:3.3.11::1b44b319",
"org.springframework.data:spring-data-jdbc:3.3.11::a09ec229"
],
"Locations": [
{
"StartLine": 60,
"EndLine": 63
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-data-jpa:3.3.11::7bb2284e",
"Name": "org.springframework.boot:spring-boot-starter-data-jpa",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.11",
"UID": "e9c82f1dbbfde451"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.hibernate.orm:hibernate-core:6.5.3.Final::91f8ca3e",
"org.springframework.boot:spring-boot-starter-aop:3.3.11::2ec345ea",
"org.springframework.boot:spring-boot-starter-jdbc:3.3.11::1b44b319",
"org.springframework.data:spring-data-jpa:3.3.11::6565e856",
"org.springframework:spring-aspects:6.1.19::22659178"
],
"Locations": [
{
"StartLine": 64,
"EndLine": 67
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-data-redis:3.3.11::6248a5f4",
"Name": "org.springframework.boot:spring-boot-starter-data-redis",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-data-redis@3.3.11",
"UID": "f18d7260156a014d"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"io.lettuce:lettuce-core:6.3.2.RELEASE::b1c1e96a",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework.data:spring-data-redis:3.3.11::9f45f88c"
],
"Locations": [
{
"StartLine": 198,
"EndLine": 201
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-mail:3.3.11::1eea30ff",
"Name": "org.springframework.boot:spring-boot-starter-mail",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-mail@3.3.11",
"UID": "d541ba18e9d1a549"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.eclipse.angus:jakarta.mail:2.0.3::ec4e8eee",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-context-support:6.1.19::e5d8341b"
],
"Locations": [
{
"StartLine": 91,
"EndLine": 94
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-web:3.3.11::93d5b94e",
"Name": "org.springframework.boot:spring-boot-starter-web",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11",
"UID": "be7177fcb5ca8ce9"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springframework.boot:spring-boot-starter-json:3.3.11::26975429",
"org.springframework.boot:spring-boot-starter-tomcat:3.3.11::e8f23e0c",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-web:6.1.19::a7e654bb",
"org.springframework:spring-webmvc:6.1.19::f566cf50"
],
"Locations": [
{
"StartLine": 73,
"EndLine": 76
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-webflux:3.3.11::23f358cc",
"Name": "org.springframework.boot:spring-boot-starter-webflux",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@3.3.11",
"UID": "cf8c5be64da785c9"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springframework.boot:spring-boot-starter-json:3.3.11::26975429",
"org.springframework.boot:spring-boot-starter-reactor-netty:3.3.11::2277d4c9",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-web:6.1.19::a7e654bb",
"org.springframework:spring-webflux:6.1.19::7ead476c"
],
"Locations": [
{
"StartLine": 142,
"EndLine": 145
}
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-websocket:3.3.11::24c306a6",
"Name": "org.springframework.boot:spring-boot-starter-websocket",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-websocket@3.3.11",
"UID": "3bffae64fd5b4fec"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Relationship": "direct",
"DependsOn": [
"org.springframework.boot:spring-boot-starter-web:3.3.11::93d5b94e",
"org.springframework:spring-messaging:6.1.19::97719704",
"org.springframework:spring-websocket:6.1.19::af043b03"
],
"Locations": [
{
"StartLine": 146,
"EndLine": 149
}
],
"AnalyzedBy": "pom"
},
{
"ID": "ch.qos.logback:logback-classic:1.5.18::102ed9ea",
"Name": "ch.qos.logback:logback-classic",
"Identifier": {
"PURL": "pkg:maven/ch.qos.logback/logback-classic@1.5.18",
"UID": "4b0a46ef7e5f8d56"
},
"Version": "1.5.18",
"Licenses": [
"EPL-1.0",
"LGPL-2.1-only"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"ch.qos.logback:logback-core:1.5.18::f585bff2",
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"AnalyzedBy": "pom"
},
{
"ID": "ch.qos.logback:logback-core:1.5.18::f585bff2",
"Name": "ch.qos.logback:logback-core",
"Identifier": {
"PURL": "pkg:maven/ch.qos.logback/logback-core@1.5.18",
"UID": "a1220eea57bd5e5c"
},
"Version": "1.5.18",
"Licenses": [
"EPL-1.0",
"LGPL-2.1-only"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.17.3::921d6cd8",
"Name": "com.fasterxml.jackson.dataformat:jackson-dataformat-toml",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.3",
"UID": "c0ab77b3e47f8e4d"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base:2.17.3::8bf5218f",
"Name": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base@2.17.3",
"UID": "a33d27bb62e08d3b"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider:2.17.3::8eb07707",
"Name": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.17.3",
"UID": "789187b5e547bc23"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base:2.17.3::8bf5218f",
"com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:2.17.3::6f0ba4d1"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:2.17.3::6f0ba4d1",
"Name": "com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.17.3",
"UID": "dc616aab190f7543"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml.jackson.module:jackson-module-parameter-names:2.17.3::fa2479a4",
"Name": "com.fasterxml.jackson.module:jackson-module-parameter-names",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.17.3",
"UID": "87d2ae6759216e17"
},
"Version": "2.17.3",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767"
],
"AnalyzedBy": "pom"
},
{
"ID": "com.fasterxml:classmate:1.7.0::e548c67a",
"Name": "com.fasterxml:classmate",
"Identifier": {
"PURL": "pkg:maven/com.fasterxml/classmate@1.7.0",
"UID": "7aeef271a0a444ff"
},
"Version": "1.7.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.github.java-json-tools:json-patch::4c114d23",
"Name": "com.github.java-json-tools:json-patch",
"Identifier": {
"PURL": "pkg:maven/com.github.java-json-tools/json-patch",
"UID": "bd120605d64b4596"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.github.javaparser:javaparser-core:3.26.3::f64174d7",
"Name": "com.github.javaparser:javaparser-core",
"Identifier": {
"PURL": "pkg:maven/com.github.javaparser/javaparser-core@3.26.3",
"UID": "98947c16e876a38c"
},
"Version": "3.26.3",
"Licenses": [
"LGPL-2.1-only",
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.google.code.gson:gson:2.10.1::e95a564a",
"Name": "com.google.code.gson:gson",
"Identifier": {
"PURL": "pkg:maven/com.google.code.gson/gson@2.10.1",
"UID": "ec344c436f96a396"
},
"Version": "2.10.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.ibm.async:asyncutil::3f9d98be",
"Name": "com.ibm.async:asyncutil",
"Identifier": {
"PURL": "pkg:maven/com.ibm.async/asyncutil",
"UID": "250dbe17a1ab396c"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.activation:jakarta.activation:2.0.1::44773cf8",
"Name": "com.sun.activation:jakarta.activation",
"Identifier": {
"PURL": "pkg:maven/com.sun.activation/jakarta.activation@2.0.1",
"UID": "94efa0547a68dc6a"
},
"Version": "2.0.1",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.istack:istack-commons-runtime:4.1.2::684c6b99",
"Name": "com.sun.istack:istack-commons-runtime",
"Identifier": {
"PURL": "pkg:maven/com.sun.istack/istack-commons-runtime@4.1.2",
"UID": "ac47edbec49b7ae0"
},
"Version": "4.1.2",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.istack:istack-commons-tools::8206376e",
"Name": "com.sun.istack:istack-commons-tools",
"Identifier": {
"PURL": "pkg:maven/com.sun.istack/istack-commons-tools",
"UID": "483c93d00f1f51e5"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.xml.bind.external:relaxng-datatype::f3097d7c",
"Name": "com.sun.xml.bind.external:relaxng-datatype",
"Identifier": {
"PURL": "pkg:maven/com.sun.xml.bind.external/relaxng-datatype",
"UID": "7ab9edd38fcf5df8"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.xml.bind.external:rngom::932165c2",
"Name": "com.sun.xml.bind.external:rngom",
"Identifier": {
"PURL": "pkg:maven/com.sun.xml.bind.external/rngom",
"UID": "db6efaddec47b789"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.sun.xml.dtd-parser:dtd-parser:1.5.1::e28c65fd",
"Name": "com.sun.xml.dtd-parser:dtd-parser",
"Identifier": {
"PURL": "pkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.5.1",
"UID": "bfdb2e4aa0f1d889"
},
"Version": "1.5.1",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.thoughtworks.qdox:qdox:1.12.1::8e2963dc",
"Name": "com.thoughtworks.qdox:qdox",
"Identifier": {
"PURL": "pkg:maven/com.thoughtworks.qdox/qdox@1.12.1",
"UID": "5500fcaad9eeb2ca"
},
"Version": "1.12.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "com.zaxxer:HikariCP:5.1.0::a9a0d6b5",
"Name": "com.zaxxer:HikariCP",
"Identifier": {
"PURL": "pkg:maven/com.zaxxer/HikariCP@5.1.0",
"UID": "6c5aa7b75d27efab"
},
"Version": "5.1.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"AnalyzedBy": "pom"
},
{
"ID": "commons-codec:commons-codec:1.16.1::fbefeae7",
"Name": "commons-codec:commons-codec",
"Identifier": {
"PURL": "pkg:maven/commons-codec/commons-codec@1.16.1",
"UID": "cd5c4ee98e1c89d9"
},
"Version": "1.16.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "commons-io:commons-io:2.20.0::7ecb520a",
"Name": "commons-io:commons-io",
"Identifier": {
"PURL": "pkg:maven/commons-io/commons-io@2.20.0",
"UID": "fe749f7676436630"
},
"Version": "2.20.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "io.lettuce:lettuce-core:6.3.2.RELEASE::b1c1e96a",
"Name": "io.lettuce:lettuce-core",
"Identifier": {
"PURL": "pkg:maven/io.lettuce/lettuce-core@6.3.2.RELEASE",
"UID": "98952e4f51bb5d4b"
},
"Version": "6.3.2.RELEASE",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-handler:4.1.119.Final::999463d3",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0",
"io.projectreactor:reactor-core:3.6.16::ba07cef5"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.micrometer:micrometer-commons:1.13.13::d2d1a727",
"Name": "io.micrometer:micrometer-commons",
"Identifier": {
"PURL": "pkg:maven/io.micrometer/micrometer-commons@1.13.13",
"UID": "ae113bd2881b9896"
},
"Version": "1.13.13",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "io.micrometer:micrometer-observation:1.13.13::15d75e2f",
"Name": "io.micrometer:micrometer-observation",
"Identifier": {
"PURL": "pkg:maven/io.micrometer/micrometer-observation@1.13.13",
"UID": "3ee60dd104fc3258"
},
"Version": "1.13.13",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.micrometer:micrometer-commons:1.13.13::d2d1a727"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-buffer:4.1.119.Final::616beee1",
"Name": "io.netty:netty-buffer",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-buffer@4.1.119.Final",
"UID": "4491e274eacb336c"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-common:4.1.119.Final::7b7ae85e"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-codec:4.1.119.Final::1211ef73",
"Name": "io.netty:netty-codec",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-codec@4.1.119.Final",
"UID": "4455707ba939e9ce"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-codec-dns:4.1.119.Final::8f267253",
"Name": "io.netty:netty-codec-dns",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-codec-dns@4.1.119.Final",
"UID": "cb0fe148e21c2861"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-codec-http:4.1.119.Final::27595423",
"Name": "io.netty:netty-codec-http",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-codec-http@4.1.119.Final",
"UID": "6ec529c9ff4aa6ce"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-handler:4.1.119.Final::999463d3",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-codec-http2:4.1.119.Final::b847f33d",
"Name": "io.netty:netty-codec-http2",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-codec-http2@4.1.119.Final",
"UID": "f9f834663d81f1df"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec-http:4.1.119.Final::27595423",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-handler:4.1.119.Final::999463d3",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-codec-socks:4.1.119.Final::8826589b",
"Name": "io.netty:netty-codec-socks",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-codec-socks@4.1.119.Final",
"UID": "8edbcd66c95fca2a"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-common:4.1.119.Final::7b7ae85e",
"Name": "io.netty:netty-common",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-common@4.1.119.Final",
"UID": "7ddddef89eb74082"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-handler:4.1.119.Final::999463d3",
"Name": "io.netty:netty-handler",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-handler@4.1.119.Final",
"UID": "49e558baac077162"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-resolver:4.1.119.Final::508f157a",
"io.netty:netty-transport-native-unix-common:4.1.119.Final::a4cd48f1",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-handler-proxy:4.1.119.Final::4211fa38",
"Name": "io.netty:netty-handler-proxy",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-handler-proxy@4.1.119.Final",
"UID": "ab2692c74c5b9877"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec-http:4.1.119.Final::27595423",
"io.netty:netty-codec-socks:4.1.119.Final::8826589b",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-resolver:4.1.119.Final::508f157a",
"Name": "io.netty:netty-resolver",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-resolver@4.1.119.Final",
"UID": "19a02ce24735b1b"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-common:4.1.119.Final::7b7ae85e"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-resolver-dns:4.1.119.Final::fbee2dab",
"Name": "io.netty:netty-resolver-dns",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-resolver-dns@4.1.119.Final",
"UID": "27a1477553e25107"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-codec-dns:4.1.119.Final::8f267253",
"io.netty:netty-codec:4.1.119.Final::1211ef73",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-handler:4.1.119.Final::999463d3",
"io.netty:netty-resolver:4.1.119.Final::508f157a",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-resolver-dns-classes-macos:4.1.119.Final::475bc33f",
"Name": "io.netty:netty-resolver-dns-classes-macos",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-resolver-dns-classes-macos@4.1.119.Final",
"UID": "82e8ab9c6036d69b"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-resolver-dns:4.1.119.Final::fbee2dab",
"io.netty:netty-transport-native-unix-common:4.1.119.Final::a4cd48f1"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-resolver-dns-native-macos:4.1.119.Final::a1213f67",
"Name": "io.netty:netty-resolver-dns-native-macos",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-resolver-dns-native-macos@4.1.119.Final",
"UID": "8ddeb0a9e81dd80e"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-resolver-dns-classes-macos:4.1.119.Final::475bc33f"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-transport:4.1.119.Final::8d97f6b0",
"Name": "io.netty:netty-transport",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-transport@4.1.119.Final",
"UID": "c0b2e928d8da465d"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-resolver:4.1.119.Final::508f157a"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-transport-classes-epoll:4.1.119.Final::b26356b7",
"Name": "io.netty:netty-transport-classes-epoll",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-transport-classes-epoll@4.1.119.Final",
"UID": "282c0842d020b5e8"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport-native-unix-common:4.1.119.Final::a4cd48f1",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-transport-native-epoll:4.1.119.Final::9ea58cf0",
"Name": "io.netty:netty-transport-native-epoll",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.119.Final",
"UID": "6a8ec1e16dd9bea5"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport-classes-epoll:4.1.119.Final::b26356b7",
"io.netty:netty-transport-native-unix-common:4.1.119.Final::a4cd48f1",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.netty:netty-transport-native-unix-common:4.1.119.Final::a4cd48f1",
"Name": "io.netty:netty-transport-native-unix-common",
"Identifier": {
"PURL": "pkg:maven/io.netty/netty-transport-native-unix-common@4.1.119.Final",
"UID": "780a3f3959b12f6d"
},
"Version": "4.1.119.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-buffer:4.1.119.Final::616beee1",
"io.netty:netty-common:4.1.119.Final::7b7ae85e",
"io.netty:netty-transport:4.1.119.Final::8d97f6b0"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.projectreactor.netty:reactor-netty-core:1.1.29::df3abb9e",
"Name": "io.projectreactor.netty:reactor-netty-core",
"Identifier": {
"PURL": "pkg:maven/io.projectreactor.netty/reactor-netty-core@1.1.29",
"UID": "d5f81e5f0ecebbbf"
},
"Version": "1.1.29",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-handler-proxy:4.1.119.Final::4211fa38",
"io.netty:netty-handler:4.1.119.Final::999463d3",
"io.netty:netty-resolver-dns-native-macos:4.1.119.Final::a1213f67",
"io.netty:netty-resolver-dns:4.1.119.Final::fbee2dab",
"io.netty:netty-transport-native-epoll:4.1.119.Final::9ea58cf0",
"io.projectreactor:reactor-core:3.6.16::ba07cef5"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.projectreactor.netty:reactor-netty-http:1.1.29::b9128aa6",
"Name": "io.projectreactor.netty:reactor-netty-http",
"Identifier": {
"PURL": "pkg:maven/io.projectreactor.netty/reactor-netty-http@1.1.29",
"UID": "6a5f4ac0c89b201"
},
"Version": "1.1.29",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.netty:netty-codec-http2:4.1.119.Final::b847f33d",
"io.netty:netty-codec-http:4.1.119.Final::27595423",
"io.netty:netty-resolver-dns-native-macos:4.1.119.Final::a1213f67",
"io.netty:netty-resolver-dns:4.1.119.Final::fbee2dab",
"io.netty:netty-transport-native-epoll:4.1.119.Final::9ea58cf0",
"io.projectreactor.netty:reactor-netty-core:1.1.29::df3abb9e",
"io.projectreactor:reactor-core:3.6.16::ba07cef5"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.projectreactor:reactor-core:3.6.16::ba07cef5",
"Name": "io.projectreactor:reactor-core",
"Identifier": {
"PURL": "pkg:maven/io.projectreactor/reactor-core@3.6.16",
"UID": "3f10c0781f19c188"
},
"Version": "3.6.16",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.reactivestreams:reactive-streams:1.0.4::895ad079"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.smallrye:jandex:3.1.2::3829792d",
"Name": "io.smallrye:jandex",
"Identifier": {
"PURL": "pkg:maven/io.smallrye/jandex@3.1.2",
"UID": "a39cb564978bf3a5"
},
"Version": "3.1.2",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "io.swagger.core.v3:swagger-annotations-jakarta:2.2.15::cee7968b",
"Name": "io.swagger.core.v3:swagger-annotations-jakarta",
"Identifier": {
"PURL": "pkg:maven/io.swagger.core.v3/swagger-annotations-jakarta@2.2.15",
"UID": "1b93f3d253e1cab0"
},
"Version": "2.2.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "io.swagger.core.v3:swagger-core-jakarta:2.2.15::d3e39944",
"Name": "io.swagger.core.v3:swagger-core-jakarta",
"Identifier": {
"PURL": "pkg:maven/io.swagger.core.v3/swagger-core-jakarta@2.2.15",
"UID": "40799b6b89807695"
},
"Version": "2.2.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0::69d8c960",
"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0::edac1c1f",
"io.swagger.core.v3:swagger-annotations-jakarta:2.2.15::cee7968b",
"io.swagger.core.v3:swagger-models-jakarta:2.2.15::681cc124",
"jakarta.validation:jakarta.validation-api:3.0.2::dee863a2",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.apache.commons:commons-lang3:3.20.0::fd8baf63",
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.yaml:snakeyaml:2.2::924ed0fa"
],
"AnalyzedBy": "pom"
},
{
"ID": "io.swagger.core.v3:swagger-models-jakarta:2.2.15::681cc124",
"Name": "io.swagger.core.v3:swagger-models-jakarta",
"Identifier": {
"PURL": "pkg:maven/io.swagger.core.v3/swagger-models-jakarta@2.2.15",
"UID": "d509ce8c8ae4a5ef"
},
"Version": "2.2.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c"
],
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"Name": "jakarta.activation:jakarta.activation-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3",
"UID": "f28a3f1c949a3bbc"
},
"Version": "2.1.3",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"Name": "jakarta.annotation:jakarta.annotation-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1",
"UID": "57fed4fd90d79cb7"
},
"Version": "2.1.1",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.inject:jakarta.inject-api:2.0.1::3171caf8",
"Name": "jakarta.inject:jakarta.inject-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.inject/jakarta.inject-api@2.0.1",
"UID": "41b55aa9df08c6ec"
},
"Version": "2.0.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.mail:jakarta.mail-api:2.1.3::76b82dc3",
"Name": "jakarta.mail:jakarta.mail-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.mail/jakarta.mail-api@2.1.3",
"UID": "e4e2b2eb81c91f36"
},
"Version": "2.1.3",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception",
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b"
],
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.persistence:jakarta.persistence-api:3.1.0::bb112ae3",
"Name": "jakarta.persistence:jakarta.persistence-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0",
"UID": "336e6b0ddff0b2cd"
},
"Version": "3.1.0",
"Licenses": [
"EPL-2.0",
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.servlet:jakarta.servlet-api:6.0.0::b24849b7",
"Name": "jakarta.servlet:jakarta.servlet-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0",
"UID": "ddc760f3bcf824a6"
},
"Version": "6.0.0",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.transaction:jakarta.transaction-api:2.0.1::57a386ea",
"Name": "jakarta.transaction:jakarta.transaction-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1",
"UID": "ea791f51b8523e71"
},
"Version": "2.0.1",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.validation:jakarta.validation-api:3.0.2::dee863a2",
"Name": "jakarta.validation:jakarta.validation-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.validation/jakarta.validation-api@3.0.2",
"UID": "536bf5f955c342f7"
},
"Version": "3.0.2",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.ws.rs:jakarta.ws.rs-api:3.1.0::35e0df68",
"Name": "jakarta.ws.rs:jakarta.ws.rs-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@3.1.0",
"UID": "2d5147b09674a542"
},
"Version": "3.1.0",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"Name": "jakarta.xml.bind:jakarta.xml.bind-api",
"Identifier": {
"PURL": "pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2",
"UID": "c45de4939610df75"
},
"Version": "4.0.2",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b"
],
"AnalyzedBy": "pom"
},
{
"ID": "net.bytebuddy:byte-buddy:1.14.19::b65f99a3",
"Name": "net.bytebuddy:byte-buddy",
"Identifier": {
"PURL": "pkg:maven/net.bytebuddy/byte-buddy@1.14.19",
"UID": "39e6d2283aa4a3ed"
},
"Version": "1.14.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.antlr:antlr4-runtime:4.13.0::faab9f67",
"Name": "org.antlr:antlr4-runtime",
"Identifier": {
"PURL": "pkg:maven/org.antlr/antlr4-runtime@4.13.0",
"UID": "1d5448eda9458c0b"
},
"Version": "4.13.0",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.ant:ant:1.10.15::39bbddad",
"Name": "org.apache.ant:ant",
"Identifier": {
"PURL": "pkg:maven/org.apache.ant/ant@1.10.15",
"UID": "bae37fa3ba322ba3"
},
"Version": "1.10.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.ant:ant-antlr:1.10.15::5d91d99e",
"Name": "org.apache.ant:ant-antlr",
"Identifier": {
"PURL": "pkg:maven/org.apache.ant/ant-antlr@1.10.15",
"UID": "90d2f277c60c8df8"
},
"Version": "1.10.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.ant:ant-junit:1.10.15::829523bc",
"Name": "org.apache.ant:ant-junit",
"Identifier": {
"PURL": "pkg:maven/org.apache.ant/ant-junit@1.10.15",
"UID": "af2d5601347359df"
},
"Version": "1.10.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.ant:ant:1.10.15::39bbddad"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.ant:ant-launcher:1.10.15::7ba64e45",
"Name": "org.apache.ant:ant-launcher",
"Identifier": {
"PURL": "pkg:maven/org.apache.ant/ant-launcher@1.10.15",
"UID": "2e938777e68fd8f6"
},
"Version": "1.10.15",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.commons:commons-lang3:3.20.0::fd8baf63",
"Name": "org.apache.commons:commons-lang3",
"Identifier": {
"PURL": "pkg:maven/org.apache.commons/commons-lang3@3.20.0",
"UID": "d95e2fe357117caf"
},
"Version": "3.20.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-ant:4.0.26::83f7cdfa",
"Name": "org.apache.groovy:groovy-ant",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-ant@4.0.26",
"UID": "809cabfd373af0b4"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.ant:ant-antlr:1.10.15::5d91d99e",
"org.apache.ant:ant-junit:1.10.15::829523bc",
"org.apache.ant:ant-launcher:1.10.15::7ba64e45",
"org.apache.ant:ant:1.10.15::39bbddad",
"org.apache.groovy:groovy-groovydoc:4.0.26::9aacf4c3",
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-docgenerator:4.0.26::7cad5b62",
"Name": "org.apache.groovy:groovy-docgenerator",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-docgenerator@4.0.26",
"UID": "1ccfa39b3b3dee61"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.thoughtworks.qdox:qdox:1.12.1::8e2963dc",
"org.apache.groovy:groovy-templates:4.0.26::3c20ba2d",
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-groovydoc:4.0.26::9aacf4c3",
"Name": "org.apache.groovy:groovy-groovydoc",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-groovydoc@4.0.26",
"UID": "9067f6b3bcd3237"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.github.javaparser:javaparser-core:3.26.3::f64174d7",
"org.apache.groovy:groovy-docgenerator:4.0.26::7cad5b62",
"org.apache.groovy:groovy-templates:4.0.26::3c20ba2d",
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-json:4.0.26::963fd7db",
"Name": "org.apache.groovy:groovy-json",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-json@4.0.26",
"UID": "2d24fb2fc5fc1cd0"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-templates:4.0.26::3c20ba2d",
"Name": "org.apache.groovy:groovy-templates",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-templates@4.0.26",
"UID": "719ecd24742bbfc6"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.groovy:groovy-xml:4.0.26::b462162e",
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.groovy:groovy-xml:4.0.26::b462162e",
"Name": "org.apache.groovy:groovy-xml",
"Identifier": {
"PURL": "pkg:maven/org.apache.groovy/groovy-xml@4.0.26",
"UID": "28ac839f264427ec"
},
"Version": "4.0.26",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.groovy:groovy:4.0.23::c2c30958"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.httpcomponents:httpclient::6386b88a",
"Name": "org.apache.httpcomponents:httpclient",
"Identifier": {
"PURL": "pkg:maven/org.apache.httpcomponents/httpclient",
"UID": "c2cc9fa913463eb2"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.james:apache-mime4j-dom::86e769f9",
"Name": "org.apache.james:apache-mime4j-dom",
"Identifier": {
"PURL": "pkg:maven/org.apache.james/apache-mime4j-dom",
"UID": "81a526b7bc565942"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.james:apache-mime4j-storage::ce26d565",
"Name": "org.apache.james:apache-mime4j-storage",
"Identifier": {
"PURL": "pkg:maven/org.apache.james/apache-mime4j-storage",
"UID": "e1e07a5495434ffc"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.logging.log4j:log4j-api:2.23.1::4951a182",
"Name": "org.apache.logging.log4j:log4j-api",
"Identifier": {
"PURL": "pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1",
"UID": "d11d51a02121aa2"
},
"Version": "2.23.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.logging.log4j:log4j-to-slf4j:2.23.1::8c439945",
"Name": "org.apache.logging.log4j:log4j-to-slf4j",
"Identifier": {
"PURL": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1",
"UID": "d95a7892f087bf5d"
},
"Version": "2.23.1",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.logging.log4j:log4j-api:2.23.1::4951a182",
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"Name": "org.apache.tomcat.embed:tomcat-embed-core",
"Identifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"Version": "10.1.40",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.tomcat.embed:tomcat-embed-el:10.1.40::1da84bef",
"Name": "org.apache.tomcat.embed:tomcat-embed-el",
"Identifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.40",
"UID": "f8639b04c4631d09"
},
"Version": "10.1.40",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.apache.tomcat.embed:tomcat-embed-websocket:10.1.40::2ca4c79f",
"Name": "org.apache.tomcat.embed:tomcat-embed-websocket",
"Identifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.40",
"UID": "a7320786a5b9fa2b"
},
"Version": "10.1.40",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.aspectj:aspectjweaver:1.9.24::d6c75cb8",
"Name": "org.aspectj:aspectjweaver",
"Identifier": {
"PURL": "pkg:maven/org.aspectj/aspectjweaver@1.9.24",
"UID": "3c92136ea6198be"
},
"Version": "1.9.24",
"Licenses": [
"EPL-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.eclipse.angus:angus-activation:2.0.2::e2e7585b",
"Name": "org.eclipse.angus:angus-activation",
"Identifier": {
"PURL": "pkg:maven/org.eclipse.angus/angus-activation@2.0.2",
"UID": "1f77b14b6e9576f5"
},
"Version": "2.0.2",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.eclipse.angus:angus-mail:2.0.3::9610f6cb",
"Name": "org.eclipse.angus:angus-mail",
"Identifier": {
"PURL": "pkg:maven/org.eclipse.angus/angus-mail@2.0.3",
"UID": "a8d733e1987a22c3"
},
"Version": "2.0.3",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception",
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"jakarta.mail:jakarta.mail-api:2.1.3::76b82dc3",
"org.eclipse.angus:angus-activation:2.0.2::e2e7585b"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.eclipse.angus:jakarta.mail:2.0.3::ec4e8eee",
"Name": "org.eclipse.angus:jakarta.mail",
"Identifier": {
"PURL": "pkg:maven/org.eclipse.angus/jakarta.mail@2.0.3",
"UID": "c1322b19719fad96"
},
"Version": "2.0.3",
"Licenses": [
"EPL-2.0",
"GPL-2.0-with-classpath-exception",
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"org.eclipse.angus:angus-activation:2.0.2::e2e7585b"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:codemodel:4.0.5::28cb2f32",
"Name": "org.glassfish.jaxb:codemodel",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/codemodel@4.0.5",
"UID": "185cc282917e7004"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:jaxb-core:4.0.5::cc94282f",
"Name": "org.glassfish.jaxb:jaxb-core",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5",
"UID": "87820237ac7759cc"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.sun.istack:istack-commons-runtime:4.1.2::684c6b99",
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.eclipse.angus:angus-activation:2.0.2::e2e7585b",
"org.glassfish.jaxb:txw2:4.0.5::e868f41c"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:jaxb-jxc:4.0.5::77b010d8",
"Name": "org.glassfish.jaxb:jaxb-jxc",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/jaxb-jxc@4.0.5",
"UID": "d3ff458cce4288a"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.glassfish.jaxb:jaxb-runtime:4.0.5::953067bb",
"org.glassfish.jaxb:jaxb-xjc:4.0.5::d8d59b22"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:jaxb-runtime:4.0.5::953067bb",
"Name": "org.glassfish.jaxb:jaxb-runtime",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.5",
"UID": "d66a11a5610fafe6"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.glassfish.jaxb:jaxb-core:4.0.5::cc94282f"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:jaxb-xjc:4.0.5::d8d59b22",
"Name": "org.glassfish.jaxb:jaxb-xjc",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/jaxb-xjc@4.0.5",
"UID": "9caec92cf8d239ef"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.sun.xml.dtd-parser:dtd-parser:1.5.1::e28c65fd",
"org.glassfish.jaxb:codemodel:4.0.5::28cb2f32",
"org.glassfish.jaxb:jaxb-core:4.0.5::cc94282f",
"org.glassfish.jaxb:xsom:4.0.5::7404a0e8"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:txw2:4.0.5::e868f41c",
"Name": "org.glassfish.jaxb:txw2",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/txw2@4.0.5",
"UID": "dbde3121d8954582"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.glassfish.jaxb:xsom:4.0.5::7404a0e8",
"Name": "org.glassfish.jaxb:xsom",
"Identifier": {
"PURL": "pkg:maven/org.glassfish.jaxb/xsom@4.0.5",
"UID": "3e4a7660e356ab96"
},
"Version": "4.0.5",
"Licenses": [
"BSD-3-Clause"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.gmetrics:GMetrics-Groovy4:2.1.0::bdf1c574",
"Name": "org.gmetrics:GMetrics-Groovy4",
"Identifier": {
"PURL": "pkg:maven/org.gmetrics/GMetrics-Groovy4@2.1.0",
"UID": "d953d408bc9c0173"
},
"Version": "2.1.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.hibernate.common:hibernate-commons-annotations:6.0.6.Final::35e5139f",
"Name": "org.hibernate.common:hibernate-commons-annotations",
"Identifier": {
"PURL": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@6.0.6.Final",
"UID": "6eda68222a718993"
},
"Version": "6.0.6.Final",
"Licenses": [
"LGPL-2.1-or-later"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.hibernate.orm:hibernate-core:6.5.3.Final::91f8ca3e",
"Name": "org.hibernate.orm:hibernate-core",
"Identifier": {
"PURL": "pkg:maven/org.hibernate.orm/hibernate-core@6.5.3.Final",
"UID": "b0e89617a37b7db1"
},
"Version": "6.5.3.Final",
"Licenses": [
"LGPL-2.1-or-later"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml:classmate:1.7.0::e548c67a",
"io.smallrye:jandex:3.1.2::3829792d",
"jakarta.inject:jakarta.inject-api:2.0.1::3171caf8",
"jakarta.persistence:jakarta.persistence-api:3.1.0::bb112ae3",
"jakarta.transaction:jakarta.transaction-api:2.0.1::57a386ea",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"net.bytebuddy:byte-buddy:1.14.19::b65f99a3",
"org.antlr:antlr4-runtime:4.13.0::faab9f67",
"org.glassfish.jaxb:jaxb-runtime:4.0.5::953067bb",
"org.hibernate.common:hibernate-commons-annotations:6.0.6.Final::35e5139f",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"Name": "org.jboss.logging:jboss-logging",
"Identifier": {
"PURL": "pkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final",
"UID": "85808322368c8b12"
},
"Version": "3.5.3.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-client:6.2.7.Final::60083a80",
"Name": "org.jboss.resteasy:resteasy-client",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-client@6.2.7.Final",
"UID": "f719ff4017fc02e0"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"commons-codec:commons-codec:1.16.1::fbefeae7",
"jakarta.ws.rs:jakarta.ws.rs-api:3.1.0::35e0df68",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"org.jboss.resteasy:resteasy-client-api:6.2.7.Final::166df5ec",
"org.jboss.resteasy:resteasy-core-spi:6.2.7.Final::b3daa884",
"org.jboss.resteasy:resteasy-core:6.2.7.Final::87e3e483",
"org.reactivestreams:reactive-streams:1.0.4::895ad079"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-client-api:6.2.7.Final::166df5ec",
"Name": "org.jboss.resteasy:resteasy-client-api",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-client-api@6.2.7.Final",
"UID": "b7616876604c9fb7"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.ws.rs:jakarta.ws.rs-api:3.1.0::35e0df68",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"org.jboss.resteasy:resteasy-core-spi:6.2.7.Final::b3daa884"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-core:6.2.7.Final::87e3e483",
"Name": "org.jboss.resteasy:resteasy-core",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-core@6.2.7.Final",
"UID": "190cd4e72c45fd8b"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.activation:jakarta.activation-api:2.1.3::d620ae3b",
"jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"jakarta.servlet:jakarta.servlet-api:6.0.0::b24849b7",
"jakarta.validation:jakarta.validation-api:3.0.2::dee863a2",
"jakarta.ws.rs:jakarta.ws.rs-api:3.1.0::35e0df68",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.eclipse.angus:angus-activation:2.0.2::e2e7585b",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"org.jboss.resteasy:resteasy-core-spi:6.2.7.Final::b3daa884",
"org.reactivestreams:reactive-streams:1.0.4::895ad079"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-core-spi:6.2.7.Final::b3daa884",
"Name": "org.jboss.resteasy:resteasy-core-spi",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-core-spi@6.2.7.Final",
"UID": "b4314cfb0226d56"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"jakarta.validation:jakarta.validation-api:3.0.2::dee863a2",
"jakarta.ws.rs:jakarta.ws.rs-api:3.1.0::35e0df68",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"org.reactivestreams:reactive-streams:1.0.4::895ad079"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-jackson2-provider:6.2.7.Final::cc16e549",
"Name": "org.jboss.resteasy:resteasy-jackson2-provider",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-jackson2-provider@6.2.7.Final",
"UID": "be7b2fb4d087fa79"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-annotations:2.18.0::35397b1c",
"com.fasterxml.jackson.core:jackson-core:2.18.0::1358b2b6",
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base:2.17.3::8bf5218f",
"com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider:2.17.3::8eb07707",
"com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:2.17.3::6f0ba4d1",
"jakarta.servlet:jakarta.servlet-api:6.0.0::b24849b7",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-jaxb-provider:6.2.7.Final::3fb278b2",
"Name": "org.jboss.resteasy:resteasy-jaxb-provider",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@6.2.7.Final",
"UID": "147d8732fe4e53ef"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.sun.istack:istack-commons-runtime:4.1.2::684c6b99",
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.glassfish.jaxb:codemodel:4.0.5::28cb2f32",
"org.glassfish.jaxb:jaxb-core:4.0.5::cc94282f",
"org.glassfish.jaxb:jaxb-jxc:4.0.5::77b010d8",
"org.glassfish.jaxb:jaxb-runtime:4.0.5::953067bb",
"org.glassfish.jaxb:jaxb-xjc:4.0.5::d8d59b22",
"org.glassfish.jaxb:txw2:4.0.5::e868f41c",
"org.glassfish.jaxb:xsom:4.0.5::7404a0e8",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss.resteasy:resteasy-multipart-provider:6.2.7.Final::340b3aac",
"Name": "org.jboss.resteasy:resteasy-multipart-provider",
"Identifier": {
"PURL": "pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.2.7.Final",
"UID": "7e219235f26339d2"
},
"Version": "6.2.7.Final",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"commons-io:commons-io:2.20.0::7ecb520a",
"jakarta.mail:jakarta.mail-api:2.1.3::76b82dc3",
"org.eclipse.angus:angus-mail:2.0.3::9610f6cb",
"org.jboss.logging:jboss-logging:3.5.3.Final::cdcc7529",
"org.jboss.resteasy:resteasy-core-spi:6.2.7.Final::b3daa884",
"org.jboss.resteasy:resteasy-core:6.2.7.Final::87e3e483",
"org.jboss.resteasy:resteasy-jaxb-provider:6.2.7.Final::3fb278b2"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.jboss:jandex::6d118cea",
"Name": "org.jboss:jandex",
"Identifier": {
"PURL": "pkg:maven/org.jboss/jandex",
"UID": "763cba780348ae67"
},
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.jetbrains:annotations:13.0::d26ab00c",
"Name": "org.jetbrains:annotations",
"Identifier": {
"PURL": "pkg:maven/org.jetbrains/annotations@13.0",
"UID": "907ad6b473f916f"
},
"Version": "13.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.keycloak:keycloak-common:25.0.6::c6e31eed",
"Name": "org.keycloak:keycloak-common",
"Identifier": {
"PURL": "pkg:maven/org.keycloak/keycloak-common@25.0.6",
"UID": "999fe1f30a8df6ce"
},
"Version": "25.0.6",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.keycloak:keycloak-core:25.0.6::f1be11d0",
"Name": "org.keycloak:keycloak-core",
"Identifier": {
"PURL": "pkg:maven/org.keycloak/keycloak-core@25.0.6",
"UID": "b8b62d3aedad8a78"
},
"Version": "25.0.6",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.reactivestreams:reactive-streams:1.0.4::895ad079",
"Name": "org.reactivestreams:reactive-streams",
"Identifier": {
"PURL": "pkg:maven/org.reactivestreams/reactive-streams@1.0.4",
"UID": "155528fca27d7b05"
},
"Version": "1.0.4",
"Licenses": [
"MIT-0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.slf4j:jul-to-slf4j:2.0.17::66a480e2",
"Name": "org.slf4j:jul-to-slf4j",
"Identifier": {
"PURL": "pkg:maven/org.slf4j/jul-to-slf4j@2.0.17",
"UID": "fbf1d690149d772c"
},
"Version": "2.0.17",
"Licenses": [
"MIT"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.slf4j:slf4j-api:2.0.17::b5c66eae",
"Name": "org.slf4j:slf4j-api",
"Identifier": {
"PURL": "pkg:maven/org.slf4j/slf4j-api@2.0.17",
"UID": "f8085c3d799116b8"
},
"Version": "2.0.17",
"Licenses": [
"MIT"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.springdoc:springdoc-openapi-starter-common:2.2.0::dd01450f",
"Name": "org.springdoc:springdoc-openapi-starter-common",
"Identifier": {
"PURL": "pkg:maven/org.springdoc/springdoc-openapi-starter-common@2.2.0",
"UID": "140faaf471688dff"
},
"Version": "2.2.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.swagger.core.v3:swagger-core-jakarta:2.2.15::d3e39944",
"org.springframework.boot:spring-boot-autoconfigure:3.3.11::3f5212b9"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springdoc:springdoc-openapi-starter-webmvc-api:2.2.0::3d452163",
"Name": "org.springdoc:springdoc-openapi-starter-webmvc-api",
"Identifier": {
"PURL": "pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-api@2.2.0",
"UID": "14d55a7ea79ed7ee"
},
"Version": "2.2.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springdoc:springdoc-openapi-starter-common:2.2.0::dd01450f",
"org.springframework:spring-webmvc:6.1.19::f566cf50"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot:3.3.11::2b96788e",
"Name": "org.springframework.boot:spring-boot",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot@3.3.11",
"UID": "783d382f94eec523"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-autoconfigure:3.3.11::3f5212b9",
"Name": "org.springframework.boot:spring-boot-autoconfigure",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.11",
"UID": "3bb3ec57cb719d57"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework.boot:spring-boot:3.3.11::2b96788e"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"Name": "org.springframework.boot:spring-boot-starter",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter@3.3.11",
"UID": "ddd6fdc7fd1fde2f"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"org.springframework.boot:spring-boot-autoconfigure:3.3.11::3f5212b9",
"org.springframework.boot:spring-boot-starter-logging:3.3.11::bd91b810",
"org.springframework.boot:spring-boot:3.3.11::2b96788e",
"org.springframework:spring-core:6.1.19::b2880312",
"org.yaml:snakeyaml:2.2::924ed0fa"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-aop:3.3.11::2ec345ea",
"Name": "org.springframework.boot:spring-boot-starter-aop",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-aop@3.3.11",
"UID": "ea1239715f70ebb"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.aspectj:aspectjweaver:1.9.24::d6c75cb8",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-aop:6.1.19::b76c0204"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-jdbc:3.3.11::1b44b319",
"Name": "org.springframework.boot:spring-boot-starter-jdbc",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-jdbc@3.3.11",
"UID": "bfc70d17889d3df7"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.zaxxer:HikariCP:5.1.0::a9a0d6b5",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-jdbc:6.1.19::8a0ac3d0"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-json:3.3.11::26975429",
"Name": "org.springframework.boot:spring-boot-starter-json",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-json@3.3.11",
"UID": "c5d91b8b9c9f1bd8"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"com.fasterxml.jackson.core:jackson-databind:2.18.0::8d1de767",
"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.3::2384875f",
"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0::edac1c1f",
"com.fasterxml.jackson.module:jackson-module-parameter-names:2.17.3::fa2479a4",
"org.springframework.boot:spring-boot-starter:3.3.11::6350e454",
"org.springframework:spring-web:6.1.19::a7e654bb"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-logging:3.3.11::bd91b810",
"Name": "org.springframework.boot:spring-boot-starter-logging",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-logging@3.3.11",
"UID": "c138fd10d961424"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"ch.qos.logback:logback-classic:1.5.18::102ed9ea",
"org.apache.logging.log4j:log4j-to-slf4j:2.23.1::8c439945",
"org.slf4j:jul-to-slf4j:2.0.17::66a480e2"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-reactor-netty:3.3.11::2277d4c9",
"Name": "org.springframework.boot:spring-boot-starter-reactor-netty",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-reactor-netty@3.3.11",
"UID": "79c24b6ffd61508d"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.projectreactor.netty:reactor-netty-http:1.1.29::b9128aa6"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.boot:spring-boot-starter-tomcat:3.3.11::e8f23e0c",
"Name": "org.springframework.boot:spring-boot-starter-tomcat",
"Identifier": {
"PURL": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@3.3.11",
"UID": "c44a78ea7c4ed169"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"org.apache.tomcat.embed:tomcat-embed-el:10.1.40::1da84bef",
"org.apache.tomcat.embed:tomcat-embed-websocket:10.1.40::2ca4c79f"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-commons:3.3.11::37ff38f5",
"Name": "org.springframework.data:spring-data-commons",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-commons@3.3.11",
"UID": "5a8ede05d4c5bd3d"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-jdbc:3.3.11::a09ec229",
"Name": "org.springframework.data:spring-data-jdbc",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-jdbc@3.3.11",
"UID": "2be5cfe3e8db053d"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework.data:spring-data-commons:3.3.11::37ff38f5",
"org.springframework.data:spring-data-relational:3.3.11::a8302449",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-jdbc:6.1.19::8a0ac3d0",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-jpa:3.3.11::6565e856",
"Name": "org.springframework.data:spring-data-jpa",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-jpa@3.3.11",
"UID": "1b36071775d47dc6"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.annotation:jakarta.annotation-api:2.1.1::78d77cec",
"org.antlr:antlr4-runtime:4.13.0::faab9f67",
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework.data:spring-data-commons:3.3.11::37ff38f5",
"org.springframework:spring-aop:6.1.19::b76c0204",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-orm:6.1.19::897b269d",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-keyvalue:3.3.11::183cfd25",
"Name": "org.springframework.data:spring-data-keyvalue",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-keyvalue@3.3.11",
"UID": "996c1bb3a158b55a"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework.data:spring-data-commons:3.3.11::37ff38f5",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-redis:3.3.11::9f45f88c",
"Name": "org.springframework.data:spring-data-redis",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-redis@3.3.11",
"UID": "c1f1ebf409b44533"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework.data:spring-data-keyvalue:3.3.11::183cfd25",
"org.springframework:spring-aop:6.1.19::b76c0204",
"org.springframework:spring-context-support:6.1.19::e5d8341b",
"org.springframework:spring-oxm:6.1.19::5e3a2183",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework.data:spring-data-relational:3.3.11::a8302449",
"Name": "org.springframework.data:spring-data-relational",
"Identifier": {
"PURL": "pkg:maven/org.springframework.data/spring-data-relational@3.3.11",
"UID": "9cedd898c6634b24"
},
"Version": "3.3.11",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.slf4j:slf4j-api:2.0.17::b5c66eae",
"org.springframework.data:spring-data-commons:3.3.11::37ff38f5",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-aop:6.1.19::b76c0204",
"Name": "org.springframework:spring-aop",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-aop@6.1.19",
"UID": "536d17c5ae3f1cc6"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-aspects:6.1.19::22659178",
"Name": "org.springframework:spring-aspects",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-aspects@6.1.19",
"UID": "119656f273d7c151"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.aspectj:aspectjweaver:1.9.24::d6c75cb8"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-beans:6.1.19::1264d9b1",
"Name": "org.springframework:spring-beans",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-beans@6.1.19",
"UID": "74fe10fa4e68ecf"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-context:6.1.19::e7635dab",
"Name": "org.springframework:spring-context",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-context@6.1.19",
"UID": "ad1201a197083d44"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.micrometer:micrometer-observation:1.13.13::15d75e2f",
"org.springframework:spring-aop:6.1.19::b76c0204",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-expression:6.1.19::34b561b8"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-context-support:6.1.19::e5d8341b",
"Name": "org.springframework:spring-context-support",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-context-support@6.1.19",
"UID": "ae32faa66abe8a25"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-core:6.1.19::b2880312",
"Name": "org.springframework:spring-core",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-core@6.1.19",
"UID": "73864b2e8aa55ef5"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-jcl:6.1.19::48597d05"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-expression:6.1.19::34b561b8",
"Name": "org.springframework:spring-expression",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-expression@6.1.19",
"UID": "d08eec183ec05f55"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-jcl:6.1.19::48597d05",
"Name": "org.springframework:spring-jcl",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-jcl@6.1.19",
"UID": "c8ee83e76aef08d6"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-jdbc:6.1.19::8a0ac3d0",
"Name": "org.springframework:spring-jdbc",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-jdbc@6.1.19",
"UID": "979d30ebce426fd8"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-messaging:6.1.19::97719704",
"Name": "org.springframework:spring-messaging",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-messaging@6.1.19",
"UID": "6271a2bc143a9b53"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-orm:6.1.19::897b269d",
"Name": "org.springframework:spring-orm",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-orm@6.1.19",
"UID": "9306b27ef5b36aa7"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-jdbc:6.1.19::8a0ac3d0",
"org.springframework:spring-tx:6.1.19::925e2f39"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-oxm:6.1.19::5e3a2183",
"Name": "org.springframework:spring-oxm",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-oxm@6.1.19",
"UID": "72a6fc37ddb6b16c"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"jakarta.xml.bind:jakarta.xml.bind-api:4.0.2::ff6b5be5",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-tx:6.1.19::925e2f39",
"Name": "org.springframework:spring-tx",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-tx@6.1.19",
"UID": "9d481bb31cb341bb"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-web:6.1.19::a7e654bb",
"Name": "org.springframework:spring-web",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-web@6.1.19",
"UID": "9f2bec8b903b88c0"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.micrometer:micrometer-observation:1.13.13::15d75e2f",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-webflux:6.1.19::7ead476c",
"Name": "org.springframework:spring-webflux",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-webflux@6.1.19",
"UID": "e50d10fb12eae738"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"io.projectreactor:reactor-core:3.6.16::ba07cef5",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-web:6.1.19::a7e654bb"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-webmvc:6.1.19::f566cf50",
"Name": "org.springframework:spring-webmvc",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-webmvc@6.1.19",
"UID": "b54bdcbf3e94bada"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-aop:6.1.19::b76c0204",
"org.springframework:spring-beans:6.1.19::1264d9b1",
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-expression:6.1.19::34b561b8",
"org.springframework:spring-web:6.1.19::a7e654bb"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.springframework:spring-websocket:6.1.19::af043b03",
"Name": "org.springframework:spring-websocket",
"Identifier": {
"PURL": "pkg:maven/org.springframework/spring-websocket@6.1.19",
"UID": "4de1e8600bbb71a1"
},
"Version": "6.1.19",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"org.springframework:spring-context:6.1.19::e7635dab",
"org.springframework:spring-core:6.1.19::b2880312",
"org.springframework:spring-web:6.1.19::a7e654bb"
],
"AnalyzedBy": "pom"
},
{
"ID": "org.webjars:swagger-ui:5.2.0::7ae134a6",
"Name": "org.webjars:swagger-ui",
"Identifier": {
"PURL": "pkg:maven/org.webjars/swagger-ui@5.2.0",
"UID": "15cbef28a5704df6"
},
"Version": "5.2.0",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
},
{
"ID": "org.yaml:snakeyaml:2.2::924ed0fa",
"Name": "org.yaml:snakeyaml",
"Identifier": {
"PURL": "pkg:maven/org.yaml/snakeyaml@2.2",
"UID": "f8236cdfba1bd3bb"
},
"Version": "2.2",
"Licenses": [
"Apache-2.0"
],
"Indirect": true,
"Relationship": "indirect",
"AnalyzedBy": "pom"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2025-11226",
"VendorIDs": [
"GHSA-25qh-j22f-pwp8"
],
"PkgID": "ch.qos.logback:logback-core:1.5.18::f585bff2",
"PkgName": "ch.qos.logback:logback-core",
"PkgIdentifier": {
"PURL": "pkg:maven/ch.qos.logback/logback-core@1.5.18",
"UID": "a1220eea57bd5e5c"
},
"InstalledVersion": "1.5.18",
"FixedVersion": "1.5.19, 1.3.16",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11226",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:335a1c5db2b4ea791f6b0f224452595299e8c85799d9662122126860015b7d5c",
"Title": "ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core",
"Description": "ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\n\n\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user's class path. In addition, the attacker must\u00a0 have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
"V40Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-11226",
"https://github.com/qos-ch/logback",
"https://github.com/qos-ch/logback/commit/61f6a2544f36b3016e0efd434ee21f19269f1df7",
"https://github.com/qos-ch/logback/issues/974",
"https://github.com/qos-ch/logback/releases/tag/v_1.5.19",
"https://logback.qos.ch/news.html#1.3.16",
"https://logback.qos.ch/news.html#1.5.19",
"https://nvd.nist.gov/vuln/detail/CVE-2025-11226",
"https://www.cve.org/CVERecord?id=CVE-2025-11226"
],
"PublishedDate": "2025-10-01T08:15:31.25Z",
"LastModifiedDate": "2025-10-31T15:15:41.197Z"
},
{
"VulnerabilityID": "CVE-2025-58057",
"VendorIDs": [
"GHSA-3p8m-j85q-pgmj"
],
"PkgID": "io.netty:netty-codec:4.1.119.Final::1211ef73",
"PkgName": "io.netty:netty-codec",
"PkgIdentifier": {
"PURL": "pkg:maven/io.netty/netty-codec@4.1.119.Final",
"UID": "4455707ba939e9ce"
},
"InstalledVersion": "4.1.119.Final",
"FixedVersion": "4.1.125.Final",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58057",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:d2202f50a14931623114d7ded4a52f1dfce0f385414d6664e03e471f3ec9c0ef",
"Title": "netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack",
"Description": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"V40Score": 6.9
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-58057",
"https://github.com/netty/netty",
"https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d",
"https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d (netty-4.2.5.Final)",
"https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj",
"https://nvd.nist.gov/vuln/detail/CVE-2025-58057",
"https://ubuntu.com/security/notices/USN-7918-1",
"https://www.cve.org/CVERecord?id=CVE-2025-58057"
],
"PublishedDate": "2025-09-04T10:42:32.18Z",
"LastModifiedDate": "2025-09-08T16:45:55.143Z"
},
{
"VulnerabilityID": "CVE-2025-67735",
"VendorIDs": [
"GHSA-84h7-rjj3-6jx4"
],
"PkgID": "io.netty:netty-codec-http:4.1.119.Final::27595423",
"PkgName": "io.netty:netty-codec-http",
"PkgIdentifier": {
"PURL": "pkg:maven/io.netty/netty-codec-http@4.1.119.Final",
"UID": "6ec529c9ff4aa6ce"
},
"InstalledVersion": "4.1.119.Final",
"FixedVersion": "4.2.8.Final, 4.1.129.Final",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-67735",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:1821e4fbdee45275c04666cbb85646e11ebcbb75f7ea44a0c2bc7cdf55659820",
"Title": "netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection",
"Description": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-93"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-67735",
"https://github.com/netty/netty",
"https://github.com/netty/netty/commit/77e81f1e5944d98b3acf887d3aa443b252752e94",
"https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-67735",
"https://www.cve.org/CVERecord?id=CVE-2025-67735"
],
"PublishedDate": "2025-12-16T01:15:52.367Z",
"LastModifiedDate": "2026-01-02T18:50:23.313Z"
},
{
"VulnerabilityID": "CVE-2025-55163",
"VendorIDs": [
"GHSA-prj3-ccx8-p6x4"
],
"PkgID": "io.netty:netty-codec-http2:4.1.119.Final::b847f33d",
"PkgName": "io.netty:netty-codec-http2",
"PkgIdentifier": {
"PURL": "pkg:maven/io.netty/netty-codec-http2@4.1.119.Final",
"UID": "f9f834663d81f1df"
},
"InstalledVersion": "4.1.119.Final",
"FixedVersion": "4.2.4.Final, 4.1.124.Final",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-55163",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:a7297224191c030b3309a31183ec7d2a002b31d852820de95e44e9e170e6f542",
"Title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"Description": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.",
"Severity": "HIGH",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"V3Score": 7.5,
"V40Score": 8.2
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/08/16/1",
"https://access.redhat.com/security/cve/CVE-2025-55163",
"https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a",
"https://github.com/netty/netty",
"https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1",
"https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"https://kb.cert.org/vuls/id/767506",
"https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"https://www.cve.org/CVERecord?id=CVE-2025-55163",
"https://www.kb.cert.org/vuls/id/767506"
],
"PublishedDate": "2025-08-13T15:15:39.39Z",
"LastModifiedDate": "2025-11-04T22:16:30.293Z"
},
{
"VulnerabilityID": "CVE-2025-22227",
"VendorIDs": [
"GHSA-4q2v-9p7v-3v22"
],
"PkgID": "io.projectreactor.netty:reactor-netty-http:1.1.29::b9128aa6",
"PkgName": "io.projectreactor.netty:reactor-netty-http",
"PkgIdentifier": {
"PURL": "pkg:maven/io.projectreactor.netty/reactor-netty-http@1.1.29",
"UID": "6a5f4ac0c89b201"
},
"InstalledVersion": "1.1.29",
"FixedVersion": "1.3.0-M5, 1.2.8",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22227",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:5a49f540f584bf08b2a666e26c4eed2a4b50761c6383390a4c784aa8a2a2ebef",
"Title": "io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects",
"Description": "In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"V3Score": 6.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"V3Score": 6.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-22227",
"https://github.com/reactor/reactor-netty",
"https://github.com/reactor/reactor-netty/commit/522892307ea89bf24fe634e8bfea35728c9bf411",
"https://nvd.nist.gov/vuln/detail/CVE-2025-22227",
"https://spring.io/security/cve-2025-22227",
"https://www.cve.org/CVERecord?id=CVE-2025-22227"
],
"PublishedDate": "2025-07-16T10:15:27.787Z",
"LastModifiedDate": "2025-07-16T15:15:25.057Z"
},
{
"VulnerabilityID": "CVE-2025-48988",
"VendorIDs": [
"GHSA-h3gc-qfqq-6h8f"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.8, 10.1.42, 9.0.106",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48988",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:44ce28c9693703875492813037ff8f28ea3ed441503cbcc4b22013e62043b06d",
"Title": "tomcat: Apache Tomcat DoS in multipart upload",
"Description": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"Severity": "HIGH",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"alma": 3,
"amazon": 2,
"bitnami": 3,
"ghsa": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 2,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"V3Score": 7.5,
"V40Score": 8.7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/06/16/1",
"https://access.redhat.com/errata/RHSA-2025:14178",
"https://access.redhat.com/security/cve/CVE-2025-48988",
"https://bugzilla.redhat.com/2373015",
"https://bugzilla.redhat.com/2373018",
"https://bugzilla.redhat.com/2373020",
"https://bugzilla.redhat.com/2373309",
"https://bugzilla.redhat.com/2379374",
"https://bugzilla.redhat.com/2379382",
"https://bugzilla.redhat.com/2379386",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373015",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373018",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373020",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373309",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379374",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379382",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379386",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506",
"https://errata.almalinux.org/10/ALSA-2025-14178.html",
"https://errata.rockylinux.org/RLSA-2025:14181",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e",
"https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8)",
"https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6",
"https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42)",
"https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910",
"https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106)",
"https://linux.oracle.com/cve/CVE-2025-48988.html",
"https://linux.oracle.com/errata/ELSA-2025-14181.html",
"https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18",
"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-48988",
"https://tomcat.apache.org/security-10.html",
"https://tomcat.apache.org/security-11.html",
"https://tomcat.apache.org/security-9.html",
"https://www.cve.org/CVERecord?id=CVE-2025-48988"
],
"PublishedDate": "2025-06-16T15:15:24.563Z",
"LastModifiedDate": "2025-11-03T20:19:07.89Z"
},
{
"VulnerabilityID": "CVE-2025-48989",
"VendorIDs": [
"GHSA-gqp3-2cvr-x8m3"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.10, 10.1.44, 9.0.108",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48989",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:f822da2c3e1bfc35fc0496c5fb93ba3bb8e6558286bb4d56d4f98a57e0e338bb",
"Title": "tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"Description": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"Severity": "HIGH",
"CweIDs": [
"CWE-404"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"bitnami": 3,
"ghsa": 3,
"oracle-oval": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/08/13/2",
"https://access.redhat.com/errata/RHSA-2025:14178",
"https://access.redhat.com/security/cve/CVE-2025-48989",
"https://bugzilla.redhat.com/2373015",
"https://bugzilla.redhat.com/2373018",
"https://bugzilla.redhat.com/2373020",
"https://bugzilla.redhat.com/2373309",
"https://bugzilla.redhat.com/2379374",
"https://bugzilla.redhat.com/2379382",
"https://bugzilla.redhat.com/2379386",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373015",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373018",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373020",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373309",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379374",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379382",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379386",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506",
"https://errata.almalinux.org/10/ALSA-2025-14178.html",
"https://errata.rockylinux.org/RLSA-2025:14181",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255",
"https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 (10.1.44)",
"https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06",
"https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 (11.0.10)",
"https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf",
"https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf (9.0.108)",
"https://kb.cert.org/vuls/id/767506",
"https://linux.oracle.com/cve/CVE-2025-48989.html",
"https://linux.oracle.com/errata/ELSA-2025-14181.html",
"https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf",
"https://nvd.nist.gov/vuln/detail/CVE-2025-48989",
"https://tomcat.apache.org/security-10.html",
"https://tomcat.apache.org/security-11.html",
"https://tomcat.apache.org/security-9.html",
"https://www.cve.org/CVERecord?id=CVE-2025-48989",
"https://www.kb.cert.org/vuls/id/767506"
],
"PublishedDate": "2025-08-13T13:15:34.153Z",
"LastModifiedDate": "2025-11-04T22:16:17.987Z"
},
{
"VulnerabilityID": "CVE-2025-55752",
"VendorIDs": [
"GHSA-wmwf-9ccg-fff5"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.11, 10.1.45, 9.0.109",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-55752",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:e0a7c84cbe580f419e290a157ef4199797e14ccc3e2a40b6501a726576bf8fd7",
"Title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"Description": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"Severity": "HIGH",
"CweIDs": [
"CWE-23"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"bitnami": 3,
"ghsa": 3,
"oracle-oval": 3,
"redhat": 3,
"rocky": 3
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.5
},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"V3Score": 7.5,
"V40Score": 7.7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.5
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/10/27/4",
"https://access.redhat.com/errata/RHSA-2025:23052",
"https://access.redhat.com/security/cve/CVE-2025-55752",
"https://bugzilla.redhat.com/2362782",
"https://bugzilla.redhat.com/2406591",
"https://bugzilla.redhat.com/show_bug.cgi?id=2362782",
"https://bugzilla.redhat.com/show_bug.cgi?id=2406591",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752",
"https://errata.almalinux.org/10/ALSA-2025-23052.html",
"https://errata.rockylinux.org/RLSA-2025:23049",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06",
"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df",
"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"https://linux.oracle.com/cve/CVE-2025-55752.html",
"https://linux.oracle.com/errata/ELSA-2025-23052.html",
"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45",
"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11",
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109",
"https://www.cve.org/CVERecord?id=CVE-2025-55752",
"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability",
"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability"
],
"PublishedDate": "2025-10-27T18:15:42.283Z",
"LastModifiedDate": "2025-11-14T17:44:41.047Z"
},
{
"VulnerabilityID": "CVE-2025-49124",
"VendorIDs": [
"GHSA-42wg-hm62-jcwg"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.8, 10.1.42, 9.0.106",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49124",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:20f1ca84c32a61eaa885a07848e10ea114d4cf6b80099407cba87a50505e3584",
"Title": "Apache Tomcat installer for Windows has an untrusted search path vulnerability",
"Description": "Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-426"
],
"VendorSeverity": {
"bitnami": 3,
"ghsa": 2,
"photon": 3
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 8.4
},
"ghsa": {
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"V40Score": 4.8
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/06/16/3",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/28726cc2e63bed68771f5eb0f65a78dc7080571823",
"https://github.com/apache/tomcat/commit/c56456cda8151c9504dfb7985700824559d769a7",
"https://github.com/apache/tomcat/commit/e0e07812224d327a321babb554f5a5758d30cc49",
"https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv",
"https://nvd.nist.gov/vuln/detail/CVE-2025-49124",
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42",
"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.8",
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106"
],
"PublishedDate": "2025-06-16T15:15:24.707Z",
"LastModifiedDate": "2025-10-29T12:15:36.863Z"
},
{
"VulnerabilityID": "CVE-2025-49125",
"VendorIDs": [
"GHSA-wc4r-xq3c-5cf3"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.8, 10.1.42, 9.0.106",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49125",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:be3fe84de08b2364f823a648274987db993d701e66af99ed6519606a2f5edb1c",
"Title": "tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources",
"Description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.\u00a0 When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-288"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"bitnami": 3,
"ghsa": 2,
"oracle-oval": 3,
"photon": 3,
"redhat": 1,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"ghsa": {
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"V40Score": 6.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 3.7
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2025/06/16/2",
"https://access.redhat.com/errata/RHSA-2025:14178",
"https://access.redhat.com/security/cve/CVE-2025-49125",
"https://bugzilla.redhat.com/2373015",
"https://bugzilla.redhat.com/2373018",
"https://bugzilla.redhat.com/2373020",
"https://bugzilla.redhat.com/2373309",
"https://bugzilla.redhat.com/2379374",
"https://bugzilla.redhat.com/2379382",
"https://bugzilla.redhat.com/2379386",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373015",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373018",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373020",
"https://bugzilla.redhat.com/show_bug.cgi?id=2373309",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379374",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379382",
"https://bugzilla.redhat.com/show_bug.cgi?id=2379386",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506",
"https://errata.almalinux.org/10/ALSA-2025-14178.html",
"https://errata.rockylinux.org/RLSA-2025:14181",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c",
"https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c (10.1.42)",
"https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9",
"https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9 (9.0.106)",
"https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637",
"https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637 (11.0.8)",
"https://linux.oracle.com/cve/CVE-2025-49125.html",
"https://linux.oracle.com/errata/ELSA-2025-14181.html",
"https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk",
"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-49125",
"https://tomcat.apache.org/security-10.html",
"https://tomcat.apache.org/security-11.html",
"https://tomcat.apache.org/security-9.html",
"https://www.cve.org/CVERecord?id=CVE-2025-49125"
],
"PublishedDate": "2025-06-16T15:15:24.85Z",
"LastModifiedDate": "2025-11-03T20:19:08.213Z"
},
{
"VulnerabilityID": "CVE-2025-66614",
"VendorIDs": [
"GHSA-fpj8-gq4v-p354"
],
"PkgID": "org.apache.tomcat.embed:tomcat-embed-core:10.1.40::86a92702",
"PkgName": "org.apache.tomcat.embed:tomcat-embed-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40",
"UID": "6e48675bd5e94087"
},
"InstalledVersion": "10.1.40",
"FixedVersion": "11.0.14, 10.1.49, 9.0.112",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66614",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:7daee2eabd2dd0df9d493c3b1c360f98cc30bcf0f71e1319d112e4193b414005",
"Title": "tomcat: Client certificate verification bypass due to virtual host mapping",
"Description": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"V40Score": 6.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-66614",
"https://github.com/apache/tomcat",
"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30",
"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2",
"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4",
"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940",
"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e",
"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509",
"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7",
"https://nvd.nist.gov/vuln/detail/CVE-2025-66614",
"https://tomcat.apache.org/security-10.html",
"https://tomcat.apache.org/security-11.html",
"https://tomcat.apache.org/security-9.html",
"https://www.cve.org/CVERecord?id=CVE-2025-66614"
],
"PublishedDate": "2026-02-17T19:21:55.31Z",
"LastModifiedDate": "2026-02-18T17:51:53.51Z"
},
{
"VulnerabilityID": "CVE-2024-10039",
"VendorIDs": [
"GHSA-93ww-43rr-79v3"
],
"PkgID": "org.keycloak:keycloak-core:25.0.6::f1be11d0",
"PkgName": "org.keycloak:keycloak-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.keycloak/keycloak-core@25.0.6",
"UID": "b8b62d3aedad8a78"
},
"InstalledVersion": "25.0.6",
"FixedVersion": "26.0.6",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-10039",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:3b47d23bde02780ee9595fe3173450a4df5f4c1ad8900357aedccbf80b249ab1",
"Title": "keycloak-core: mTLS passthrough",
"Description": "A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.",
"Severity": "HIGH",
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"V3Score": 7.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"V3Score": 7.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-10039",
"https://github.com/keycloak/keycloak",
"https://github.com/keycloak/keycloak/issues/35217",
"https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3",
"https://nvd.nist.gov/vuln/detail/CVE-2024-10039",
"https://www.cve.org/CVERecord?id=CVE-2024-10039"
]
},
{
"VulnerabilityID": "CVE-2025-41249",
"VendorIDs": [
"GHSA-jmp9-x22r-554x"
],
"PkgID": "org.springframework:spring-core:6.1.19::b2880312",
"PkgName": "org.springframework:spring-core",
"PkgIdentifier": {
"PURL": "pkg:maven/org.springframework/spring-core@6.1.19",
"UID": "73864b2e8aa55ef5"
},
"InstalledVersion": "6.1.19",
"FixedVersion": "6.2.11",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-41249",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:16b4bf829644b359d31d2ec1bf4ecd1875a6b5ccdd183190887e774d391015fe",
"Title": "org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability",
"Description": "The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.\n\nYour application may be affected by this if you are using Spring Security's @EnableMethodSecurity\u00a0feature.\n\nYou are not affected by this if you are not using @EnableMethodSecurity\u00a0or if you do not use security annotations on methods in generic superclasses or generic interfaces.\n\nThis CVE is published in conjunction with CVE-2025-41248 https://spring.io/security/cve-2025-41248 .",
"Severity": "HIGH",
"CweIDs": [
"CWE-285"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-41249",
"https://github.com/spring-projects/spring-framework",
"https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff",
"https://github.com/spring-projects/spring-framework/issues/35342",
"https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11",
"https://nvd.nist.gov/vuln/detail/CVE-2025-41249",
"https://spring.io/security/cve-2025-41249",
"https://www.cve.org/CVERecord?id=CVE-2025-41249"
],
"PublishedDate": "2025-09-16T11:15:30.887Z",
"LastModifiedDate": "2025-09-16T20:15:35.127Z"
},
{
"VulnerabilityID": "CVE-2025-41234",
"VendorIDs": [
"GHSA-6r3c-xf4w-jxjm"
],
"PkgID": "org.springframework:spring-web:6.1.19::a7e654bb",
"PkgName": "org.springframework:spring-web",
"PkgIdentifier": {
"PURL": "pkg:maven/org.springframework/spring-web@6.1.19",
"UID": "9f2bec8b903b88c0"
},
"InstalledVersion": "6.1.19",
"FixedVersion": "6.2.8, 6.1.21",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-41234",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:1b2670219888e487dc5edc2d3b11b67731be767ab370f24d1065774ba08bfe03",
"Title": "springframework: Reflected download attack in Spring Framework with non-ASCII headers",
"Description": "Description\n\nIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a \u201cContent-Disposition\u201d header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\n\nSpecifically, an application is vulnerable when all the following are true:\n\n * The header is prepared with org.springframework.http.ContentDisposition.\n * The filename is set via ContentDisposition.Builder#filename(String, Charset).\n * The value for the filename is derived from user-supplied input.\n * The application does not sanitize the user-supplied input.\n * The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not set a \u201cContent-Disposition\u201d response header.\n * The header is not prepared with org.springframework.http.ContentDisposition.\n * The filename is set via one of: * ContentDisposition.Builder#filename(String), or\n * ContentDisposition.Builder#filename(String, ASCII)\n\n\n\n * The filename is not derived from user-supplied input.\n * The filename is derived from user-supplied input but sanitized by the application.\n * The attacker cannot inject malicious content in the downloaded content of the response.\n\n\nAffected Spring Products and VersionsSpring Framework:\n\n * 6.2.0 - 6.2.7\n * 6.1.0 - 6.1.20\n * 6.0.5 - 6.0.28\n * Older, unsupported versions are not affected\n\n\nMitigationUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary.\n\n\nCWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-113"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-41234",
"https://github.com/spring-projects/spring-framework",
"https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c",
"https://github.com/spring-projects/spring-framework/commit/fd68ea6fcbf94fc1d38bfefd3692fe094652ab3d",
"https://github.com/spring-projects/spring-framework/issues/35034",
"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1",
"https://nvd.nist.gov/vuln/detail/CVE-2025-41234",
"https://spring.io/security/cve-2025-41234",
"https://www.cve.org/CVERecord?id=CVE-2025-41234"
],
"PublishedDate": "2025-06-12T22:15:21.09Z",
"LastModifiedDate": "2025-06-16T12:32:18.84Z"
},
{
"VulnerabilityID": "CVE-2025-41242",
"VendorIDs": [
"GHSA-r936-gwx5-v52f"
],
"PkgID": "org.springframework:spring-webmvc:6.1.19::f566cf50",
"PkgName": "org.springframework:spring-webmvc",
"PkgIdentifier": {
"PURL": "pkg:maven/org.springframework/spring-webmvc@6.1.19",
"UID": "b54bdcbf3e94bada"
},
"InstalledVersion": "6.1.19",
"FixedVersion": "6.2.10",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-41242",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:fd62dcbec3b5cac4d6201653f205be8610ee8bdd56db601c5aa0966678a6f379",
"Title": "org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability",
"Description": "Spring Framework MVC applications can be vulnerable to a \u201cPath Traversal Vulnerability\u201d when deployed on a non-compliant Servlet container.\n\nAn application can be vulnerable when all the following are true:\n\n * the application is deployed as a WAR or with an embedded Servlet container\n * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization \n * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title \u00a0with Spring resource handling\n\n\nWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-22"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"http://spring.io/security/cve-2025-41242",
"https://access.redhat.com/security/cve/CVE-2025-41242",
"https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title",
"https://github.com/spring-projects/spring-framework",
"https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization",
"https://nvd.nist.gov/vuln/detail/CVE-2025-41242",
"https://www.cve.org/CVERecord?id=CVE-2025-41242"
],
"PublishedDate": "2025-08-18T09:15:28.637Z",
"LastModifiedDate": "2025-08-25T19:15:29.667Z"
},
{
"VulnerabilityID": "CVE-2025-41254",
"VendorIDs": [
"GHSA-7fch-4f2f-jcgm"
],
"PkgID": "org.springframework:spring-websocket:6.1.19::af043b03",
"PkgName": "org.springframework:spring-websocket",
"PkgIdentifier": {
"PURL": "pkg:maven/org.springframework/spring-websocket@6.1.19",
"UID": "4de1e8600bbb71a1"
},
"InstalledVersion": "6.1.19",
"FixedVersion": "6.2.12",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-41254",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory Maven",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
},
"Fingerprint": "sha256:d103568331f2819ddd9418d147add0497f6f8c235aa96d4563c61d16510f47d2",
"Title": "org.springframework/spring-core: Spring Framework STOMP CSRF Vulnerability",
"Description": "STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages.\n\nAffected Spring Products and VersionsSpring Framework:\n\n * 6.2.0 - 6.2.11\n * 6.1.0 - 6.1.23\n * 6.0.x - 6.0.29\n * 5.3.0 - 5.3.45\n * Older, unsupported versions are also affected.\n\n\nMitigationUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability6.2.x6.2.12OSS6.1.x6.1.24 Commercial https://enterprise.spring.io/ 6.0.xN/A Out of support https://spring.io/projects/spring-framework#support 5.3.x5.3.46 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary.\n\nCreditThis vulnerability was discovered and responsibly reported by Jannis Kaiser.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-352"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"V3Score": 4.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"V3Score": 4.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-41254",
"https://github.com/spring-projects/spring-framework",
"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N&version=3.1",
"https://nvd.nist.gov/vuln/detail/CVE-2025-41254",
"https://spring.io/security/cve/2025-41254",
"https://www.cve.org/CVERecord?id=CVE-2025-41254"
],
"PublishedDate": "2025-10-16T15:15:33.417Z",
"LastModifiedDate": "2025-10-16T15:28:59.61Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0002"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general"
}
}
]
},
{
"Target": ".env",
"Class": "secret",
"Secrets": [
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 16,
"EndLine": 16,
"Code": {
"Lines": [
{
"Number": 14,
"Content": "MYSQL_PASSWORD=root",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": "MYSQL_PASSWORD=root",
"FirstCause": false,
"LastCause": false
},
{
"Number": 15,
"Content": "MYSQL_URL=mysql://192.168.0.90:3306",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": "MYSQL_URL=mysql://192.168.0.90:3306",
"FirstCause": false,
"LastCause": false
},
{
"Number": 16,
"Content": "# S3_ACCESS_ID=********************",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "# S3_ACCESS_ID=********************",
"FirstCause": true,
"LastCause": true
},
{
"Number": 17,
"Content": "# S3_ACCESS_SECRET_KEY=sa/M2BUfvomc+rqUm9sjbRhjdY8nMT9dHlLT4rkN",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": "# S3_ACCESS_SECRET_KEY=sa/M2BUfvomc+rqUm9sjbRhjdY8nMT9dHlLT4rkN",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "# S3_ACCESS_ID=********************",
"Offset": 579
}
]
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 93,
"EndLine": 93,
"Code": {
"Lines": [
{
"Number": 91,
"Content": " \"StartColumn\": 17,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 17,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 92,
"Content": " \"EndColumn\": 36,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 36,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 93,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 94,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 4017
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 94,
"EndLine": 94,
"Code": {
"Lines": [
{
"Number": 92,
"Content": " \"EndColumn\": 36,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 36,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 93,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 94,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 95,
"Content": " \"File\": \".env\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \".env\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 4053
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 198,
"EndLine": 198,
"Code": {
"Lines": [
{
"Number": 196,
"Content": " \"StartColumn\": 15,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 15,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 197,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 198,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 199,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 8337
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 199,
"EndLine": 199,
"Code": {
"Lines": [
{
"Number": 197,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 198,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 199,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 200,
"Content": " \"File\": \".env\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \".env\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 8373
}
]
}
]
}