This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.
Repository | Group | Impact Analysis | Action |
---|---|---|---|
logging-analytics, pomba-aai-context-builder, pomba-context-aggregator, pomba-network-discovery-context-builder, pomba-sdc-context-builder | com.fasterxml.jackson.core | ||
logging-analytics | com.fasterxml.jackson.core | ||
pomba-audit-common | com.fasterxml.jackson.core | False positive - we don't use this part of the library. Will fix in Dublin, as no version of Jackson is safe. | |
logging-analytics | org.glassfish.hk2.external | False positive - we don't use this part of the library. Will fix in Dublin. Also, the implementing library is a non-deployed demo library, with no use in any deployed Docker image right now. | |
handlebars | |||
stipsan/uikit (swagger) | |||
pomba-sdnc-context-builder | logback-classic | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Note: SDNC-ContextBuilder is not deployed as part of Casablanca. OOM has not branched as of 20181128, so we can see there is no pod for SDNC-CB; it will appear in the Dublin branch via master. The SV reports can therefore be ignored for now, as they are in Dublin scope (there is an issue where CLM jobs are run against master instead of branches).<br>onap onap-pomba-pomba-aaictxbuilder-67ccd944f-zc2k2 2/2 Running 0 4h<br>onap onap-pomba-pomba-contextaggregator-678d4587cd-gwkgh 1/1 Running 0 4h<br>onap onap-pomba-pomba-data-router-6c8cf96c8d-hfq4x 1/1 Running 0 4h<br>onap onap-pomba-pomba-elasticsearch-7b8bc5f864-z682m 1/1 Running 0 4h<br>onap onap-pomba-pomba-kibana-64f8788bbd-9vtr9 1/1 Running 0 4h<br>onap onap-pomba-pomba-networkdiscovery-5bd8f8b96d-wqk8j 2/2 Running 0 4h<br>onap onap-pomba-pomba-networkdiscoveryctxbuilder-5bf84c9f6d-dpzsw 2/2 Running 0 4h<br>onap onap-pomba-pomba-sdcctxbuilder-5b688d6fd5-f4gbt 1/1 Running 0 4h<br>onap onap-pomba-pomba-search-data-5b4d8f7dc6-f9v69 2/2 Running 0 4h<br>onap onap-pomba-pomba-servicedecomposition-9885f8f88-ps8kd 2/2 Running 0 4h<br>onap onap-pomba-pomba-validation-service-54598588fc-wf8lx 1/1 Running 0 4h | |
pomba-sdnc-context-builder | struts-core | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca. | |
pomba-sdnc-context-builder | struts-taglib | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca. | |
pomba-sdnc-context-builder | org.codehaus.plexus | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Dependency org.codehaus.plexus:plexus-utils:jar:3.0.22 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT | |
pomba-sdnc-context-builder | dom4j | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Dependency dom4j:dom4j:jar:1.6.1 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT | |
pomba-sdnc-context-builder | commons-beanutils | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Dependency commons-beanutils:commons-beanutils:jar:1.9.3 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT | |
pomba-sdnc-context-builder | org.apache.ant | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Dependency org.apache.ant:ant:jar:1.8.4 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT | |
pomba-sdnc-context-builder | org.jsoup | DMaaP usage related. Fixing in Dublin - the sdnc-cb repo/service was not part of Casablanca.<br>Dependency org.jsoup:jsoup:jar:1.7.2 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT | |