This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
|aaf/authz||AAF has removed all Security Issues of any kind from the AAF tool repo.|
cadi-shiro Adapter is only for Shiro. The Adapter only is used within Shiro, and thus, the security question is about whether to use Shiro or not, which is not a CADI problem.
If ONAP Shiro Users move to Shiro 1.4.0, we might be able to update.
This lib is only used by Shiro, and inclusion of Shiro is the only reason it is flagged. Solution is the same. as org.apache.shiro
It doesn't look like upgrading to Shiro 1.4.0 will help this version of common-beanutils