| Key | Value |
|---|---|
| Timestamp | 2023-09-06T12:49:53+00:00 |
| Signature | unsigned |
| Tool |
Vendor: aquasecurity Name: trivy Version: 0.45.0 |
| Component |
bom-ref: 63d1f6b4-abd7-4a33-aaaa-8a9d3eb1c6f8 Type: application Name: . Properties:
|
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process...
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConf...
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar ut...
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async...
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum P...
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow...
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. N...
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to exec...
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EA...
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby in...
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLan...
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless...
When logs are written to a widely-writable directory (the default), an unprivileged attacker may pre...
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d...
| # | Description | Score | Score Progress |
|---|---|---|---|
| 1 | provided sbom is in a supported sbom format of spdx,cyclonedx | 10.0 |
|
| 2 | provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 | 10.0 |
|
| 3 | provided sbom should be in supported file format for spec: json and version: json,xml | 10.0 |
|
| 4 | provided sbom is parsable | 10.0 |
|
| # | Description | Score | Score Progress |
|---|---|---|---|
| 1 | 0/1210 have supplier names | 0.0 |
|
| 2 | 1210/1210 have names | 10.0 |
|
| 3 | 1073/1210 have versions | 8.9 |
|
| 4 | 1210/1210 have unique ID's | 10.0 |
|
| 5 | doc has 136 dependencies | 10.0 |
|
| 6 | doc has 1 authors | 10.0 |
|
| 7 | doc has creation timestamp 2023-09-06T12:49:53+00:00 | 10.0 |
|
| # | Description | Score | Score Progress |
|---|---|---|---|
| 1 | Doc Fields:true Pkg Fields:true | 10.0 |
|
| 2 | 923/1210 have licenses | 7.6 |
|
| 3 | 0/1210 have checksums | 0.0 |
|
| # | Description | Score | Score Progress |
|---|---|---|---|
| 1 | 191/1210 components with valid license | 1.5 |
|
| 2 | 1210/1210 components have primary purpose specified | 10.0 |
|
| 3 | 1/1210 components have deprecated licenses | 10.0 |
|
| 4 | 0/1210 components have restricted licenses | 10.0 |
|
| 5 | 1073/1210 components have any lookup id | 8.9 |
|
| 6 | 0/1210 components have multiple lookup id | 0.0 |
|
| 7 | 1/1 tools have creator and version | 10.0 |
|
| 8 | primary component found | 10.0 |
|
| # | Description | Score | Score Progress |
|---|---|---|---|
| 1 | doc has a sharable license free 0 :: of 0 | 0.0 |
|