
This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.

| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| | | False positive.<br>Jackson: can be an issue if we leave on default typing<br>• In vnfsdk we do not use default typing. We use strict parsing and validation of deserialized data.<br>• There is no unknown source data from which marketplace reads the application data (xml/json). | No Action |
| vnfsdk-refrepo | bootstrap | There is no non-vulnerable version of bootstrap package. | Request exception |
| vnfsdk-validation | com.fasterxml.jackson.core | False positive. We do not use default typing in action | |
| vnfsdk-functest | com.fasterxml.jackson.core | False positive. We do not use default typing in action | |
| vnfsdk-functest | com.github.roskart.dropwizard-jaxws | False positive. The code comes in through a 3rd party dependency, but isn't used in action | |
| vnfsdk-functest | com.h2database | False positive. Only used in unit testing. There is no way for this to be used during deployment. | No Action. |
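
The Jackson rows above rest on the claim that default typing is never enabled. One way to check that claim against a source checkout is the scanner below, an added example that is not part of the project's code. It is written in Python so it can run outside the Java build; the function names and the sample sources are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Jackson constructs that let class names in the input choose the type to build.
RISKY_PATTERNS = {
    "global default typing": re.compile(
        r"\.(?:enable|activate)DefaultTyping(?:AsProperty)?\s*\("),
    "class-name type id": re.compile(
        r"@JsonTypeInfo\s*\([^)]*\bId\.(?:CLASS|MINIMAL_CLASS)\b", re.S),
}
# Naive Java comment matcher; "//" inside string literals is not special-cased.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def scan_source(source):
    """Return sorted (line_number, finding) pairs for one Java source text."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    hits = []
    for label, pattern in RISKY_PATTERNS.items():
        for m in pattern.finditer(code):
            hits.append((code.count("\n", 0, m.start()) + 1, label))
    return sorted(hits)


def scan_tree(root):
    """Scan every .java file under root; return {relative_path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report


# Constructed sample sources (not taken from the vnfsdk repositories).
SAFE = """class Reader {
    // mapper.enableDefaultTyping();  commented out, must not be reported
    Meta read(String json) throws Exception {
        return new ObjectMapper().readValue(json, Meta.class);
    }
}"""
RISKY = """class Legacy {
    void init(ObjectMapper m) { m.enableDefaultTyping(); }
    @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
    Object payload;
}"""
```

An empty result from `scan_tree` over a repository supports the "False positive" entry for that repository's own code only; it does not cover mappers configured inside third-party dependencies.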