Key | Value |
---|---|
Signature | unsigned |
Tool | Vendor: OWASP Foundation; Name: CycloneDX Maven plugin; Version: 2.7.9 |
Component | bom-ref: pkg:maven/org.apache.pulsar/pulsar@3.1.0-SNAPSHOT?type=pom; Type: library; Name: pulsar; purl: pkg:maven/org.apache.pulsar/pulsar@3.1.0-SNAPSHOT?type=pom |
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might ...
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, wh...
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby in...
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a ...
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar ut...
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being pass...
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EA...
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum P...
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path ...
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less....
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless...
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2...
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to...
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client mi...
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Th...
# | Description | Score | Score Progress |
---|---|---|---|
1 | provided sbom is in a supported sbom format of spdx,cyclonedx | 10.0 | |
2 | provided sbom should be in supported spec version for spec:1.4 and versions: 1.0,1.1,1.2,1.3,1.4 | 10.0 | |
3 | provided sbom should be in supported file format for spec: json and version: json,xml | 10.0 | |
4 | provided sbom is parsable | 10.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | 0/1032 have supplier names | 0.0 | |
2 | 1032/1032 have names | 10.0 | |
3 | 1032/1032 have versions | 10.0 | |
4 | 1032/1032 have unique ID's | 10.0 | |
5 | doc has 4003 relationships | 10.0 | |
6 | doc has 1 authors | 10.0 | |
7 | doc has creation timestamp | 0.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | Doc Fields:true Pkg Fields:true | 10.0 | |
2 | 980/1032 have licenses | 9.5 | |
3 | 892/1032 have checksums | 8.6 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | 980/1032 components with valid license | 9.5 | |
2 | 1032/1032 components have primary purpose specified | 10.0 | |
3 | 32/1032 components have deprecated licenses | 9.7 | |
4 | 0/1032 components have restricted licenses | 10.0 | |
5 | 1032/1032 components have any lookup id | 10.0 | |
6 | 0/1032 components have multiple lookup id | 0.0 | |
7 | 1/1 tools have creator and version | 10.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | doc has a sharable license free 0 :: of 0 | 0.0 | |