This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.


| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| multicloud/framework | com.fasterxml.jackson.core | False positive. The library is part of the sdcTosca parser, which is used as a library. The parser only runs on predefined objects and will not attempt to run on an object that was not validated. The parser is protected by the application using it, and the information supplied comes from that application. There is no non-vulnerable version of this component. | N/A |
| multicloud/framework | com.fasterxml.jackson.datatype | False positive: we are not using any DurationDeserializer or InstantDeserializer. | N/A |
| multicloud/framework | commons-codec | False positive. It is not a direct dependency; it is pulled in through a third-party library dependency, and it does not harm the CLI in any way. | N/A |