Versions Compared

Old Version 2

changes.mady.by.user Ofir Sonsino

Saved on

compared with

New Version Current

changes.mady.by.user Ofir Sonsino

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The information related to Repository and Group are extracted from the CLM report.

RepositoryGroupImpact AnalysisAction
vid

angular.min.js

angular.js

False Positive

VID UI templates are static, and not user-generated in any way.

Its source is in ONAP Portal SDK

False positive

Request exception

vidbouncycastle

No fix is available for this vulnerability;

Its source is in ONAP Portal SDK

Request exception


vidcom.fasterxml.jackson.core

False positive

VID doesn't use createBeanDeserializer() function in the BeanDeserializerFactory class

False positive

vid
com.thoughtworks.xstream
commons-beanutils

No fix is available for this vulnerability;

Its source is in ONAP Portal SDK

Request exception


vid
commons-beanutils
moment

No fix is available for this vulnerability;

Its source is in ONAP Portal SDK

Request exception

vid
commons-fileupload
org.apache.httpcomponents

Its source is in ONAP Portal SDK

Request exception

vid
commons-httpclient
org.codehaus.jackson

False positive

VID doesn't use the problematic

line: readRawLine of HttpParser

function createBeanDeserializer in the BeanDeserializerFactory class

No fix is available for this vulnerability

False positive

vid
javax.servletNo fix is available for this vulnerability (since 1.2);
xercesIts source is in ONAP Portal SDK

Request exception

vid
moment

No fix is available for this vulnerability;

org.hibernateIts source is in ONAP Portal SDK

Request exception

vidorg.
apache
eclipse.
httpcomponents
jetty

False positive

VID

uses this library just for selenium tests automation, meaning no production code affected.

doesn't use the check function in Password.java file

False positive
vidcom.google.guavaIts source
also
is in ONAP Portal SDK
False positiveNo fix is available for this vulnerability;
Request exception
vid
org.apache.luceneNo fix is available for this vulnerability;
commons-codec Its source is in ONAP Portal SDKRequest exception
vid
org.bouncycastle
dom4jIts source is in ONAP Portal SDKRequest exception
vid
org.codehaus.jackson

False positive

VID doesn't use the problematic function createBeanDeserializer in the BeanDeserializerFactory class

No fix is available for this vulnerability

False positive

 jquery

Under investigation

Jira
serverONAP JIRA
serverId425b2b0a-557c-3c0c-b515-579789cceedb
keyVID-309


vidorg.apache.wicket
vidxalan
Its source is in ONAP Portal SDKRequest exception
vid
xerces
org.springframework Its source is in ONAP Portal SDKRequest exception
vidorg.
hibernate
springframework Its source is in ONAP Portal SDKRequest exception
vidorg.
beanshell
springframework Its source is in ONAP Portal SDKRequest exception
vid
commons-collections
org.springframework Its source is in ONAP Portal SDKRequest exception
vid
org
 org.
apache
owasp.
poi
esapi Its source is in ONAP Portal SDKRequest exception
vidorg.
apache
owasp.
poi
antisamyIts source is in ONAP Portal SDKRequest exception
vidorg.eclipse.jetty

False positive

VID doesn't use the check function in Password.java file

False positive

Under investigation

Jira
serverONAP JIRA
serverId425b2b0a-557c-3c0c-b515-579789cceedb
keyVID-309