This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.


| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| policy/drools-pdp | com.fasterxml.jackson.core | False Positive - we are not using the Jackson code in the manner that exposes the vulnerability. In addition, the code for this is disabled. https://gerrit.onap.org/r/gitweb?p=policy/drools-pdp.git;a=blob;f=policy-management/src/main/java/org/onap/policy/drools/protocol/coders/ProtocolCoderToolset.java;h=7ee8b08a3f42c30254afa1764905e267823d8d90;hb=refs/heads/master https://gerrit.onap.org/r/gitweb?p=policy/drools-pdp.git;a=blob;f=feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/Serializer.java;h=63aefb7a2c3ad63da25ab1de8341395188279645;hb=refs/heads/master | Request exception or false positive |
| policy/drools-applications | com.fasterxml.jackson.core | False Positive - flagged due to inclusion of policy/drools-pdp | Request exception or false positive |
| policy/engine | com.sword-group.bizdock.lib | Flagged due to inclusion of ONAP Portal SDK | |
| policy/engine | org.apache.tomcat | The declared and effective license are Apache 2.0, the CLM is incorrectly reporting a problem. | False Positive |
| policy/engine | com.fasterxml.jackson.core | False positive. The code is not using jackson in the manner described in the vulnerability. There are too many lines to list here. | Request exception |
| policy/engine | org.springframework | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | angular.js, angular.min.js | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | moment | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | commons-beanutils | Flagged due to inclusion of ONAP Portal SDK | Request exception |