This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| vnfsdk-refrepo | com.fasterxml.jackson.core | False positive Jackson: can be an issue if we leave on default typing
| No Action |
| vnfsdk-refrepo | bootstrap | There is no non-vulnerable version of bootstrap package. | Request exception |
| vnfsdk-validation | com.fasterxml.jackson.core | False positive. We do not use default typing in vnfsdk-validation. | no action |
| vnfsdk-functest | com.fasterxml.jackson.core | False positive. We do not use default typing in vnfsdk-functest. | no action |
| vnfsdk-functest | com.github.roskart.dropwizard-jaxws | False positive. The code comes in through a 3rd party dependency, but isn't used in VNFSDK. | no action |
| vnfsdk-functest | com.h2database | False positive. Only used in unit testing. There is no way for this to be used during deployment. | No Action. |