Skip to end of metadata
Go to start of metadata

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.


RepositoryCodeGroupImpact AnalysisAction
musicCVE-2017-7525org.codehaus.jacksonFalse Positive. This is a dependency by the core library for our RESTful service(jersey-json) and our cassandra-unit library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability from jersey-json or cassandra-unit.

MUSIC-48 - Getting issue details... STATUS


musicCVE-2018-7489com.fasterxml.jackson.core

False Positive. This is a dependency of Swagger Jersey Jaxrs library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. To our knowledge we cannot find any reference of swagger jersey using this.

MUSIC-49 - Getting issue details... STATUS

musicSONATYPE-2018-0469

org.apache.zookeeper : zookeeper : 3.4.11

This has been removed in the Dublin release
musicSONATYPE-2017-0356io.nettyThis has been removed in the Dublin release