Skip to end of metadata
Go to start of metadata
RepositoryGroupArtifactVersionProblem CodeImpact AnalysisAction
musicorg.codehaus.jacksonjackson-mapper-asl1.9.2CVE-2017-7525This is a dependency by the core library for our RESTful service(jersey-json) and our cassandra-unit library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability from jersey-json or cassandra-unit.

MUSIC-48 - Getting issue details... STATUS


musiccom.fasterxml.jackson.corejackson-databind2.9.4CVE-2018-7489

This is a dependency of Swagger Jersey Jaxrs library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. To our knowledge we cannot find any reference of swagger jersey using this.

MUSIC-49 - Getting issue details... STATUS

musicorg.apache.zookeeperzookeeper3.4.11SONATYPE-2018-0469This is no longer a problem in the latest version of MUSIC. This shows up in the music jar which is still being used by Portal based on an older version. We have raised an issue with the team asking them to move to the latest version.

MUSIC-362 - Getting issue details... STATUS

musiccom.google.guavaguava19.0CVE-2018-10237This is no longer a problem in the latest version of MUSIC. This shows up in the music jar which is still being used by Portal based on an older version. We have raised an issue with the team asking them to move to the latest version.

MUSIC-362 - Getting issue details... STATUS

musicio.nettynetty-handler4.0.56.FinalSONATYPE-2017-0356This is no longer a problem in the latest version of MUSIC. This shows up in the music jar which is still being used by Portal based on an older version. We have raised an issue with the team asking them to move to the latest version.

MUSIC-362 - Getting issue details... STATUS