Skip to end of metadata
Go to start of metadata

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.


RepositoryGroupImpact AnalysisAction
aaf/authz
AAF has removed all Security Issues of any kind from the AAF tool repo.


aaf/cadiorg.apache.shiro

False Positive

cadi-shiro Adapter is only for Shiro. The Adapter only is used within Shiro, and thus, the security question is about whether to use Shiro or not, which is not a CADI problem.

Not applicable

If ONAP Shiro Users move to Shiro 1.4.0, we might be able to update.

aaf/cadicommons.beanutils

False Positive

This lib is only used by Shiro, and inclusion of Shiro is the only reason it is flagged. Solution is the same. as org.apache.shiro

Not applicable

It doesn't look like upgrading to Shiro 1.4.0 will help this version of common-beanutils